CVE-2004-2271 PoC — MiniShare Overlong URL Handling Remote Arbitrary Code Execution Vulnerability

Associated Vulnerability
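Title: MiniShare Overlong URL Handling Remote Arbitrary Code Execution Vulnerability (CVE-2004-2271)
Description: MiniShare is a file sharing system. MiniShare does not correctly handle overlong URL requests; a remote attacker can exploit this vulnerability to overflow a buffer in the service and possibly execute arbitrary instructions with the privileges of the process. Submitting an overlong HTTP GET request can trigger the buffer overflow, and carefully crafted request data may execute arbitrary instructions with the privileges of the process.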
Description
A python implementation of CVE-2004-2271 targeting MiniShare 1.4.1.
Readme
# CVE-2004-2271 - MiniShare 1.4.1 - BOF

## References
https://nvd.nist.gov/vuln/detail/CVE-2004-2271

## Vulnerability
MiniShare 1.4.1 has no bounds checking on HTTP GET requests it receives.
By sending a long, malformed HTTP GET request, an attacker can perform a buffer overflow and execute arbitrary code on the system.
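
The missing check, shown as an added example that is not part of the original README or of MiniShare's code: a request-line parser that measures the URI before copying it and rejects anything that does not fit. `URI_MAX`, `parse_request_line` and the status codes returned are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URI_MAX 256  /* assumed limit for this example, not MiniShare's real buffer size */

/* Parse "GET <uri> HTTP/1.x" from one request line.
 * Returns an HTTP status: 200 on success (uri_out filled, NUL-terminated),
 * 400 for a malformed line, 414 when the URI does not fit in uri_out.
 * The length is measured before any copy, so an over-long URI is never written. */
int parse_request_line(const char *line, char *uri_out, size_t uri_cap)
{
    if (line == NULL || uri_out == NULL || uri_cap == 0)
        return 400;
    uri_out[0] = '\0';

    if (strncmp(line, "GET ", 4) != 0)
        return 400;
    const char *uri = line + 4;

    /* The URI ends at the next space, which must be followed by the version. */
    const char *end = strchr(uri, ' ');
    if (end == NULL || end == uri)
        return 400;
    if (strncmp(end + 1, "HTTP/1.", 7) != 0)
        return 400;

    size_t len = (size_t)(end - uri);
    if (len >= uri_cap)          /* leave room for the terminator */
        return 414;

    memcpy(uri_out, uri, len);
    uri_out[len] = '\0';
    return 200;
}

int main(void)
{
    char uri[URI_MAX];
    char longline[4096];          /* constructed over-long request line */
    memset(longline, 'A', sizeof longline);
    memcpy(longline, "GET /", 5);
    memcpy(longline + sizeof longline - 10, " HTTP/1.1", 10);

    printf("%d\n", parse_request_line("GET /index.html HTTP/1.1", uri, sizeof uri));
    printf("%d\n", parse_request_line(longline, uri, sizeof uri));
    return 0;
}
```

The same length-before-copy rule applies to every header value the server stores, including `Host:`.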

## Exploit Notes
- Only 210 bytes of space are available for shellcode after EIP is overwritten.
  - Therefore, this exploit places the main shellcode in the `Host: ` header of the GET request and uses egghunter shellcode to locate it in memory.
File Snapshot

[4.0K] /data/pocs/00f5e5971a112eea908ea4ffdea1845c1c30899a
├── [5.0K] minishare.py
└── [ 615] README.md

0 directories, 2 files