Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2020-07-26
Type: dos
Platform: windows
This exploit / vulnerability, Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite), is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
# Date: 2020-07-20
# Author: Felipe Winsnes
# Software Link:
# Version: 3.5
# Tested on: Windows 7 (x86)
# Blog:
# Sadly enough, this vulnerability is not exploitable as there are no friendly PPR addresses available and
# yet the vulnerability is triggered with additional padding == can't use addresses with null values.
# Proof of Concept:
# 1.- Run the Python script, it will create a new file "poc.txt".
# 2.- Copy the content of the new file 'poc.txt' to clipboard.
# 3.- Open the Application.
# 4.- Click on "Settings".
# 5.- Paste the contents of the generated file into the parameters "FTP Address", "Username" and "Password". Furthermore, check the box with the statement "Check to save password in preferences".
# 6.- Crashed.
# 7.- As uploadpref.dat is generated, every time the application opens it will crash, with the SEH values being overwritten. In order to stop this behavior simply delete the file.
# If the contents are only pasted into "Password", the application will only crash once without creating uploadpref.dat.