Exploits / Vulnerability Discovered : 2020-04-02 |
Type : local |
Platform : windows
This exploit / vulnerability Diskboss 7.7.14 input directory local buffer overflow (poc) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
# Vendor Homepage: https://www.diskboss.com/
# Software Link Download: https://github.com/x00x00x00x00/diskboss_7.7.14/raw/master/diskboss_setup_v7.7.14.exe
# Exploit Author: Paras Bhatia
# Discovery Date: 2020-04-01
# Vulnerable Software: DiskBoss
# Version: 7.7.14
# Vulnerability Type: Local Buffer Overflow
# Tested on: Windows 7 Ultimate Service Pack 1 (32 bit - English)
#Steps to Produce the Crash:
# 1.- Run python code: DiskbossLCE.py
# 2.- Copy content to clipboard
# 3.- Turn off DEP for diskbsg.exe
# 4.- Open "diskboss.exe" (diskbsg.exe)
# 5.- Go to "Command" > Search Files
# 6.- Click on second + icon (located at right side of "Search Disks, Directories and Network Shares")
# 7.- Click on " Add Input Directory"
# 8.- Paste ClipBoard into the "Directory" field
# 9.- Click on OK
# 10.- Calc.exe runs