Posts

Newest Post: Einthesia Echoes

The main logo of my personal project's timeline, Einthesia Echoes, has just been updated. A few new side stories will be featured after releasing all the introduction episode segments, besides revealing several lore concepts from it, so stay tuned for more updates.

WinMUGEN Exploits: Command Trigger Buffer Overflow

+2
Good evening, my friends. Well, today we are going to talk about a new exploit, found in WinMUGEN. Information provided by ydccdy, a Chinese MUGEN author, has revealed the existence of an exploit found in the CMD processor,  the command expressions to be exact. , whose main function is to trigger determined actions from the commands written in StateDef -1. After having taken a look at the exploit, I have noticed the command name length is fixed to 64 bytes, giving the chance to execute arbitrary code from a CMD expression by surpassing this length, basically a buffer overflow. What M.U.G.E.N authors put in their state controllers to make use of the commands, either it can be used to execute arbitrary code, for example, these 2 pictures: Command = "Insert all your shellcode here, it is less versatile, but well. 1234" Note: The 1234 characters are used as a return address for the exploit. I have made this character after spending a few hours to pr...
0