melange chat server. Vulnerable turn it off
/*
Proof of Concept for Melange Chat Server 1.10
a lame remote bof exploit by XXXXX 12/24/02
Credits go to:
- iDefense Labs for the advisory
- blink for discovering the bug
- Irian for the shellcode
With careful calculation it is *possible* to control even the EIP,
not just one byte of EIP.
There are to a few things that will happen if we use a wrong ret address:
1. Seg fault / shut down.
2. Keep on going < nothing happens >.
Code tested on Suse 8.0 and RH 7.3
Merry Xmas
*/
Proof of Concept for Melange Chat Server 1.10
a lame remote bof exploit by XXXXX 12/24/02
Credits go to:
- iDefense Labs for the advisory
- blink for discovering the bug
- Irian for the shellcode
With careful calculation it is *possible* to control even the EIP,
not just one byte of EIP.
There are to a few things that will happen if we use a wrong ret address:
1. Seg fault / shut down.
2. Keep on going < nothing happens >.
Code tested on Suse 8.0 and RH 7.3
Merry Xmas
*/
A remotely exploitable buffer overflow in the product allows a remote attacker to completely compromise the server. The following is an exploit code that can be used to test your own system for the mentioned vulnerability.
Cpanels banner for melange:
Melange Chat Server (Version 1.10)
