Published 2024-03-10 (author: )

…………………………………………………………Latest recommended materials…………………………………………………

Sangfor Technologies EasyConnect VPN 0day vulnerability analysis and exploitation

Environment: Windows XP SP3

Browser: the IE6 that ships with XP SP3

(Run the installer; the program directory is C:\Program Files\Sangfor\SSL)

1. First load the PoC in WinDbg (c:)

Then continue execution with g. The program faults; the exception looks like this:

0:000> g

(8): Access violation - code c0000005 (first chance)

First chance exceptions are reported before any exception handling.


This exception may be expected and handled.

eax=0000004a ebx=022cde82 ecx=0013e140 edx=00140000 esi=0013df00

edi=0013e140

eip=77c12332 esp=0013dea0 ebp=0013deac iopl=0 nv up ei pl nz na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202

msvcrt!wscanf+0x6c:

77c12332 8802 mov byte ptr [edx],al ds:0023:00140000=41

*** ERROR: Symbol file could not be found. Defaulted to export symbols for

C:\Program -

Then run kv to inspect the call stack at the time of the exception and work out which module the fault originates from.

Code at the exception site:

0:000> u msvcrt!wscanf+0x6c

msvcrt!wscanf+0x6c:

77c12332 8802 mov byte ptr [edx],al // the exception occurs here
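The faulting instruction is a byte store inside the C runtime's wscanf: the library is copying an input token into a caller-supplied buffer and has walked off the end of it onto an unmapped page (edx = 00140000, with 0x41 'A' bytes already filling the memory just before it). The textbook way to reach that state is a "%s" conversion with no field width. The following is an added example, not code from the Sangfor product or from this write-up: it contrasts that unbounded pattern with the bounded form a defender would want, using a constructed input, a hypothetical "user=" field and a buffer size chosen only for illustration. Treating the root cause as an unbounded "%s" is an assumption drawn from the crash site, since the page itself only shows the faulting instruction.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the product's code. The destination size is an
 * illustrative assumption; any fixed buffer shows the same behaviour. */
#define MAX_COPY 15                 /* characters the parser may store   */
#define FIELD_LEN (MAX_COPY + 1)    /* plus the terminating NUL          */
#define STR_(x) #x
#define STR(x)  STR_(x)

/* Constructed input: a token far longer than the destination, like the
 * run of 0x41 ('A') bytes visible around the faulting address. */
static const char LONG_INPUT[] = "user="
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";

/* Vulnerable pattern: "%s" carries no width, so sscanf copies the whole
 * token and overruns dst by strlen(token) + 1 - FIELD_LEN bytes. This is
 * the shape of bug the wscanf+0x6c store suggests. Kept for comparison
 * only; it is never called here. */
int parse_user_unsafe(const char *input, char dst[FIELD_LEN]) {
    return sscanf(input, "user=%s", dst);
}

/* How many bytes the unbounded "%s" would write for this input
 * (token length plus the NUL), so the overrun can be measured safely. */
size_t unbounded_write_len(const char *input) {
    const char *p = strstr(input, "user=");
    if (!p) return 0;
    p += 5;
    return strcspn(p, " \t\r\n") + 1;
}

/* Hardened form: the width caps the copy at MAX_COPY characters and "%n"
 * records where the scan stopped, so truncation is detected rather than
 * silently accepted. Returns 0 on success, -1 if no token was parsed. */
int parse_user_safe(const char *input, char dst[FIELD_LEN], int *truncated) {
    int consumed = 0;
    if (sscanf(input, "user=%" STR(MAX_COPY) "s%n", dst, &consumed) != 1)
        return -1;
    /* Non-space input right after the field means the token did not fit. */
    *truncated = input[consumed] != '\0' &&
                 !isspace((unsigned char)input[consumed]);
    return 0;
}

/* Verdict for one input: -1 parse failure, 0 token fits, 1 truncated. */
int check_input(const char *input) {
    char buf[FIELD_LEN];
    int truncated = 0;
    if (parse_user_safe(input, buf, &truncated) != 0) return -1;
    return truncated;
}

int main(void) {
    printf("unbounded %%s would write %zu bytes into a %d-byte buffer\n",
           unbounded_write_len(LONG_INPUT), FIELD_LEN);
    printf("bounded parse of long input: %d (1 = truncated)\n",
           check_input(LONG_INPUT));
    printf("bounded parse of \"user=alice\": %d (0 = fits)\n",
           check_input("user=alice"));
    return 0;
}
```

The width in the format string is derived from the buffer size with a stringifying macro so the two cannot drift apart, and the "%n" check turns an over-long field into a rejected request instead of a memory write past the buffer, which is the condition the WinDbg dump above records.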
