A Metasploit module for Locale::Maketext format string attack

The meeting began with some general discussion. Given the topic of the night, the discussion tended to focus on security issues. After swapping stories of computer issues and TSA security news, JD opened the actual presentation.

He began with some information about classical format string vulnerabilities as seen in the C printf function. He pointed out that Perl's printf doesn't have all of the problems of the C implementation, but it is still not perfect.

Then he moved on to the problems with the format string used in Locale::Maketext. He showed how the format string can be used to call any method on the locale object, which may be a subclass of Locale::Maketext. With a small amount of effort this can be turned into a straightforward remote-code exploit.

He went on to show how Movable Type's combination of Template::Toolkit and Locale::Maketext in two separate passes makes for a quick exploit.

After the main presentation, the discussion wandered over a number of programming topics, including observations and commentary on problems that some were having with code.

We had 7 people attending this month. As always, we'd like to thank HostGator, LLC for providing the meeting space and food for the group.