See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:
* Correct use of alpha chars in the buffer leading up to the payload
which results in bad chars being avoided. Bad chars muck with the
offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
of in the thread of the request handler. This prevents the session
from being killed after the hard-coded 60-second timeout that is
baked into the application.
* The handler thread terminates itself so that the process doesn't
crash.
* Extra targets were added based on the machines I had access to.
Brent Cook
William Vu
wchen-r7
Christian Mehlmauer
URI Assassin
jvazquez-r7
OJ
Tod Beardsley
Nathan Einwechter