Apple QuickTime 7.2/7.3 — Remote Buffer Overflow Exploit — (Perl Edition)

7 01 2010

I usually don’t just go and post exploits without much explanation.
I just thought this exploit would be interesting to study since it’s a popular program.
Also, the exploit was coded before, but only in Python and Ruby, so since this is a Perl version, it deserves to be put on here too.

This is a remote buffer overflow for QuickTime 7.2/7.3.

Uploading a shell to a website through Local File Inclusion [LFI to RCE]

25 12 2009

First of all, this is not my own work; I'm just spreading the word.

The original article can be found here, and full credit goes to the original author.

1 – Introduction

2 – Finding LFI

3 – Checking if proc/self/environ is accessible

4 – Injecting malicious code

5 – Access our shell

6 – Shoutz

Generating exploits coded in… plain English

24 11 2009

Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shellcode [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shellcode into sentences that read like spam but are natively executable.

New 0-day WordPress exploit

20 10 2009

A new WordPress exploit was discovered just recently; it creates a buffer overflow that will generate a lot of traffic. And I mean a LOT.

A quick temporary patch is to add these lines to your Apache config file.
