CVE-2017-9544 PoC — EFS Software Easy Chat Server Buffer Error Vulnerability

Source
Associated Vulnerability
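Title: EFS Software Easy Chat Server Buffer Error Vulnerability (CVE-2017-9544)
Description: EFS Easy Chat Server is online chat server software from EFS Software, a company based in the Netherlands. The register.ghp file in EFS Software Easy Chat Server versions 2.0 through 3.1 contains a buffer error vulnerability. A remote attacker can exploit it to execute arbitrary code by sending an overly long user string to the registresult.htm page.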
Description
SEH BO based exploit for Easy Chat Server on Win 7 32b
Readme
# CVE-2017-9544

Exploit for SEH based buffer overflow in Easy Chat Server (CVE-2017-9544)

Based on:
* pwntools
* msfvenom / reverse\_tcp payload
* ropper
* x64dbg

Vulnerable app available at https://www.exploit-db.com/exploits/42155

## Setup

* Set victim IP to 192.168.15.100 and start Easy Chat Server.
* Set attacker IP to 192.168.15.101 and run `python main.py`
* Wait for reverse shell
File Snapshot

[4.0K] /data/pocs/0ad2fe1f7b5d908d434fae64078feb4e46350f3a
├── [5.2K] main.py
└── [ 395] README.md

0 directories, 2 files