(08-28-2011, 04:51 PM)c0d3HitLER Wrote: (08-28-2011, 04:29 PM)james0baster Wrote: Description This module exploits a stack buffer overflow in Facebook Photo Uploader 4. By sending an overly long string to the "ExtractIptc()" property located in the ImageUploader4.ocx (4.5.57.0) Control, an attacker may be able to execute arbitrary code. References:
CVE: 2008-5711
OSVDB: 41073
BID: 27534
URL: http://milw0rm.com/exploits/5049
Authors : MC
License : Metasploit Framework License (BSD)
Version : 12540
TARGET : IE 6 SP0-SP2 / Windows XP SP2 Pro English
jadi intinya ini membuat stack ketika upload foto gt?
wah hanya IE 6 rupanya
bukan stak, coba pake aja, bisa ngaktifkan session
jadi tinggal tergantung mau gunain payload apa :pc:
meterpreter juga jalan
yah susahnya kan jarang yg make tuh IE sekarang ini =))