Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2016-8863 PoC — Portable UPnP SDK 缓冲区错误漏洞

Source
https://github.com/mephi42/CVE-2016-8863
Associated Vulnerability
Title:Portable UPnP SDK 缓冲区错误漏洞 (CVE-2016-8863)
Description:Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.
Description
CTFs are fun, but what about exploiting a real bug?
Readme
# Targets

pupnp [release-1.6.18](https://github.com/pupnp/pupnp/tree/release-1.6.18) ...

* ... running on [i386 Ubuntu 16.04](i386-xenial).

# Fix

commit [9c099c2923ab](https://github.com/pupnp/pupnp/commit/9c099c2923ab)
("Fix out-of-bound access in create_url_list() (CVE-2016-8863)").
File Snapshot

 [4.0K]  /data/pocs/a75891b0ca7d42a7f41f3af449d9525a25cd3ce6
├── [4.0K]  i386-xenial
│   ├── [  92]  build
│   ├── [4.4K]  exploit
│   ├── [4.0K]  image
│   │   └── [1.5K]  Dockerfile
│   └── [ 332]  run
├── [4.0K]  pupnp
└── [ 290]  README.md

3 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →