added audiotran_pls_1424 fileformat for Windows #3000
Conversation
|
Where did you get the p/p/r from, and why did you need to change it? |
| 'Platform' => 'win', | ||
| 'Targets' => | ||
| [ | ||
| [ 'Windows Universal', { 'Ret' => 0x1001cd67 } ], #p/p/r |
There was a problem hiding this comment.
Please comment where you got your p/p/r from. :)
|
Just looking for an explanation. :) |
|
It did not need to be changed and I don't mind changing this back to the On Sun, Feb 16, 2014 at 4:40 PM, wvu-r7 notifications@github.com wrote:
|
| end | ||
|
|
||
| def exploit | ||
| sploit = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0D\x0A\x46\x69\x6C\x65\x31\x3D" |
There was a problem hiding this comment.
sploit = "[playlist]\r\nFile1="
There was a problem hiding this comment.
I understand that the line is from the original exploit, but we have no need to hide things as hex. :)
|
Ah, okay. If it's a reliable p/p/r, then that's great. Just comment where you got it from. Thanks! |
|
Specifically where you got it from. So, the binary? A DLL? Which DLL? :) |
|
I suppose I could figure it out myself, but I'll let you make the commit. :P Exploit looks great, btw! |
|
Windows XP SP3: Windows 7 SP1: |
|
Awesome, thank you for verifying! I should have posted output from the testing I did as well. Let me know if there is anything else I need to do to get this merged in. |
|
Thanks for being on top of this, @Fillfish. :) |
|
This is missing references and disclosure date. |
This is a port of an SEH exploit from exploit-db[1]. I modified the p/p/r address of the exploit and testing this on Windows XP. The exploit-db page has a link to the vulnerable software for testing.
[1] http://www.exploit-db.com/exploits/14961/