what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

tagfuzz.txt

tagfuzz.txt
Posted Nov 25, 2008
Authored by r0ut3r

TagFuzzer is a fuzzing utility that edits tag information for a supplied file. Supports MP3, M4A, M4P, MP4, M4B, 3GP, OGG, and FLAC formats.

tags | fuzzer
SHA-256 | 6ea8345c7e60081071fe0e6685179fd102ae6f0146579fee5e456e407fd59f99

tagfuzz.txt

Change Mirror Download
#!/usr/bin/perl
# TagFuzzer
#
# Information: This fuzzer edits tag information from a
# supplied file.
# Supported : MP3, M4A, M4P, MP4, M4B, 3GP, OGG, FLAC
# Developed : 03/11/2008
# Released : 24/11/2008
#
# Written by r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
# If you find something using this fuzzer, greet my TagFuzz!
#
# Note: You need to supply a sample file of the format you want
# fuzz!
#
# Requires the following modules installed:
# - File::Spec
# - Options::Config
# - Getopt::Std
# - Music::Tag
# - Music::Tag::Auto
# - Music::Tag::MP3

use Music::Tag;
use Getopt::Std;

# Test patterns
@overflow = ('A' x 20, 'A' x 80, 'A' x 140, 'A' x 260, 'A' x 360, 'A' x 480, 'A' x 680, 'A' x 780, 'A' x 940, 'A' x 1300, 'A' x 2600, 'A' x 3500, 'A' x 4500, 'A' x 5500, 'A' x 8200, 'A' x 11000, 'A' x 50000, 'A' x 110000, 'A/' x 8000, "\0x99" x 1200);

@fmtstring = ("%n%n%n%n%n", "%p%p%p%p%p", "%s%s%s%s%s", "%d%d%d%d%d", "%x%x%x%x%x",
"%s%p%x%d", "%.1024d", "%.1025d", "%.2048d", "%.2049d", "%.4096d", "%.4097d",
"%99999999999s", "%08x", "%%20n", "%%20p", "%%20s", "%%20d", "%%20x",
"%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%", "\0xCD" x 50, "\0xCB" x 50);

@numbers = ("0", "-0", "1", "-1", "32767", "-32768", "2147483647", "-2147483647", "2147483648", "-2147483648",
"4294967294", "4294967295", "4294967296", "357913942", "-357913942", "536870912", "-536870912",
"1.79769313486231E+308", "3.39519326559384E-313", "99999999999", "-99999999999", "0x100", "0x1000",
"0x3fffffff", "0x7ffffffe", "0x7fffffff", "0x80000000", "0xffff", "0xfffffffe", "0xfffffff", "0xffffffff",
"0x10000", "0x100000", "0x99999999", "65535", "65536", "65537", "16777215", "16777216", "16777217", "-268435455");

@miscbugs = ("<<<<<>>>>>", "test|touch /tmp/ZfZ-PWNED|test", "test`touch /tmp/ZfZ-PWNED`test", "test'touch /tmp/ZfZ-PWNED'test", "test;touch /tmp/ZfZ-PWNED;test",
"test&&touch /tmp/ZfZ-PWNED&&test", "test|C:/WINDOWS/system32/calc.exe|test", "test`C:/WINDOWS/system32/calc.exe`test",
"test'C:/WINDOWS/system32/calc.exe'test", "test;C:/WINDOWS/system32/calc.exe;test", "/bin/sh", "C:/WINDOWS/system32/calc.exe",
"¶§¼½¿", "%0xa", "%u000", "/" x 200, "\\" x 200);

# Class properties
@properties = ("album", "album_type", "albumartist", "albumartist_sortname", "artist", "artist_type", "asin", "bitrate", "booklet", "comment", "compilation", "composer", "copyright", "country", "disc", "disctitle", "discnum", "duration", "ean", "encoder", "filename", "filedir", "frequency", "genre", "jan", "label", "lyrics", "rating", "recorddate", "recordepoch", "recordtime", "releasedate", "secs", "sortname", "tempo", "title", "totaldiscs", "totaltracks", "track", "tracknum", "upc", "url", "year");

getopts('t:f:', \%opts);
$target = $opts{'t'};
$file = $opts{'f'};

if (!defined($target) || !defined($file))
{
print "#################################################################";
print "\n# TagFuzzer #";
print "\n# #";
print "\n# Information: This fuzzer edits tag information from a #";
print "\n# supplied file. #";
print "\n# Supported : MP3, M4A, M4P, MP4, M4B, 3GP, OGG, FLAC #";
print "\n# #";
print "\n# Usage : $0 -t <app> -f <file> #";
print "\n# Released : 24/11/2008 #";
print "\n# Written By : r0ut3r (writ3r [at] gmail.com / bmgsec.com.au) #";
print "\n#################################################################\n";
exit(0);
}

print "[!] Fuzzing process beginning [Target: $target, File: $file]\n";

$c = 0;
foreach (@properties)
{
my $prop = $_;
print "[+] Stage ".$c." [".$prop."]: ";

foreach (@overflow)
{
$e = $_;
my $info = Music::Tag->new($file, { quiet => 1 }, "Auto");
$info->get_tag();
$info->$prop($e);

$info->set_tag();
$info->close();

my $pid = fork();
defined $pid or die "Unable to fork: $!\n";

if ($pid == 0)
{
system($target." ".$file."&> /dev/null");
}

sleep(3);
kill("TERM" => $pid);
}
print "o";

foreach (@fmtstring)
{
$e = $_;
my $info = Music::Tag->new($file, { quiet => 1 }, "Auto");
$info->get_tag();
$info->$prop($e);

$info->set_tag();
$info->close();

my $pid = fork();
defined $pid or die "Unable to fork: $!\n";

if ($pid == 0)
{
system($target." ".$file."&> /dev/null");
}

sleep(3);
kill("TERM" => $pid);
}
print "f";

foreach (@numbers)
{
$e = $_;
my $info = Music::Tag->new($file, { quiet => 1 }, "Auto");
$info->get_tag();
$info->$prop($e);

$info->set_tag();
$info->close();

my $pid = fork();
defined $pid or die "Unable to fork: $!\n";

if ($pid == 0)
{
system($target." ".$file."&> /dev/null");
}

sleep(3);
kill("TERM" => $pid);
}
print "n";

foreach (@miscbugs)
{
$e = $_;
my $info = Music::Tag->new($file, { quiet => 1 }, "Auto");

$info->get_tag();
$info->$prop($e);

$info->set_tag();
$info->close();

my $pid = fork();
defined $pid or die "Unable to fork: $!\n";

if ($pid == 0)
{
system($target." ".$file."&> /dev/null");
}

sleep(3);
kill("TERM" => $pid);
}
print "m\n";

$c++;
}

print "[!] Process complete. Anything?\n";

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close