Dove gray control terminal of the logic vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62200923311
Type myhack58
Reporter 佚名
Modified 2009-05-22T00:00:00


Source: CISRG Group

Release time: 2009-5-19 Update time: 2009-5-19 Severity: weak Threat level: control the remote host Error type: logic error Use mode: a host mode

Affected systems

Source dove gray v1. 2 all previous versions, the updated versions not tested, estimation also exist.

Does not affect the system


Detailed description

Dove gray open-source v1. Version 2 may include the latest version of dove gray as well as from this on the basis of the modification on Xing findvulnerabilitiesa logic vulnerabilities, these vulnerabilities can be user to use, if you open the control terminal and the operation once the local open, any one of the controlled end of the CAN to the control terminal to send an arbitrary file and execute it.

Exploit code

//----------------------------------------------------- 1 7{local open} if RecCMD = '0 1 7' then begin try RsltStream := TmemoryStream. Create; try i := AThread. Connection. ReadInteger; AThread. Connection. ReadStream(RsltStream, i, False); RsltStream. Position := 0; RsltStream. SaveToFile(HgzVip. Qviwepath); ShellExecute(0, 'Open', pchar(HgzVip. Qviwepath),nil, nil, SW_NORMAL); HgzVip. AddLineStr(HgzVip. Translate('ZhuanTai137','local open Remote files successfully.'), 1, False); except HgzVip. AddLineStr(HgzVip. Translate('ZhuanTai138','local open Remote File error! The connection has been disconnected!'), 2, False); end; RsltStream. Free; except end; HgzVip. Enabled := True; Exit; end;



Related information

email: Web: