Keamanan siber, sejak 2007.
Keamanan siber, sejak 2007.
Hi again, we tried to make a universal DEP and ASLR bypass version on BlazeVideo HDTV Player 6.x. This exploit is already public, but we just want to make it universal.Take a look at mona.py 🙂 awesome tool developed by…
Beberapa waktu yang lalu saya udah memberikan tutorial basic exploit development (direct return technique) dan exploit development berbasis SEH. Sekarang mari kita porting exploit tersebut ke Metasploit Framework agar exploit tersebut semakin reliable dan bisa menggunakan macam-macam payload, fitur-fitur canggih…
ScriptFTP client is vulnerable against remote buffer overflow vulnerability. The condition is triggered while processing LIST FTP command with excessive length. The vulnerability is confirmed in version 3.3. Other version may also be affected. Software Description ScriptFTP is a FTP…
Kali ini saya akan coba tehnik lain dari stack overflow, yaitu stack overflow berbasis SEH. Apa itu SEH? silakan dibaca diliteratur-literatur berikut: Structured Exception Handling Win32 Exception handling for assembler programmers Tidak ada yang lebih menyenangkan daripada belajar sambil mencoba.…
Software Description Mel0n Player is a famous software in Indonesia to play music that are provided by the Melon portal (). This software can play any music file types such as mp3, wav, wma, mp4, and others. This player can…
Saya nulis ini supaya ga lupa. Sebenarnya bisa dicari lagi sih alamat ini, cuma lebih enak klo udah ada disini tanpa nyari lagi khan?!. Sejumlah alamat yang dipake untuk tehnik ROP, sbb: VirtualAlloc() Secara sederhana, fungsi VirtualAlloc() akan mengalokasikan memory…
QuickShare File Server is prone to a FTP directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to modify files outside the destination directory and possibly gain access to the system. Software…
A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user’s system. The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to…
SolarFTP Server 2.0 is prone to a denial of service condition. It fails to properly sanitize user-supplied input resulting in a denial of service. With a specially crafted ‘USER’, ‘APPE’, ‘GET’, ‘PUT’, and ‘NLST’ command, a remote attacker can potentially…
Iseng-iseng nyari aplikasi yang bisa diotak-atik buat maenan SEH, dapet juga aplikasi Batch Audio Converter <= v.0.4.0.0 dan berhasil di eksploitasi dengan sukses melalui SEH Overflow (tulisan mengenai SEH secara jelas bisa dilihat di situs Peter Van Eeckhoutte dan situs…