Search...

Budabot 4.0 - Denial of Service (PoC)

2018-12-03T00:00:00

ID EDB-ID:45934
Type exploitdb
Reporter Exploit-DB
Modified 2018-12-03T00:00:00

Description

                                        
                                            # Exploit Title: Budabot 4.0 - Denial of Service (PoC)
# Date: 2018-10-15
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney@owasp.org
# Vendor Homepage: http://budabot.com/
# Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413
# Version: 0.6 -&gt; 4.0
# Tested on: 4.0
# CVE: CVE-2018-19290

# 1. Description
# In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation
# allows remote attackers to perform a command injection attack against the
# PHP daemon with a crafted command, resulting in a denial of service or
# possibly unspecified other impact. In versions before 3.0,
# modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above,
# modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code.

# 2. Proof of Concept

Start the Budabot listener, set valid configuration options, and wait for
the chatbot to announce it's ready in-game.
Send the chatbot a private message containing "!calc 5 x 5", and the
Budabot listener will terminate.

JSON Vulners Source

Initial Source

{"id": "EDB-ID:45934", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Budabot 4.0 - Denial of Service (PoC)", "description": "", "published": "2018-12-03T00:00:00", "modified": "2018-12-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/45934", "reporter": "Exploit-DB", "references": [], "cvelist": [], "lastseen": "2018-12-03T10:03:07", "viewCount": 22, "enchantments": {"score": {"value": -0.5, "vector": "NONE", "modified": "2018-12-03T10:03:07", "rev": 2}, "dependencies": {"references": [], "modified": "2018-12-03T10:03:07", "rev": 2}, "vulnersScore": -0.5}, "sourceHref": "https://www.exploit-db.com/download/45934", "sourceData": "# Exploit Title: Budabot 4.0 - Denial of Service (PoC)\r\n# Date: 2018-10-15\r\n# Exploit Author: Ryan Delaney\r\n# Author Contact: ryan.delaney@owasp.org\r\n# Vendor Homepage: http://budabot.com/\r\n# Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413\r\n# Version: 0.6 -> 4.0\r\n# Tested on: 4.0\r\n# CVE: CVE-2018-19290\r\n\r\n# 1. Description\r\n# In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation\r\n# allows remote attackers to perform a command injection attack against the\r\n# PHP daemon with a crafted command, resulting in a denial of service or\r\n# possibly unspecified other impact. In versions before 3.0,\r\n# modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above,\r\n# modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code.\r\n\r\n# 2. Proof of Concept\r\n\r\nStart the Budabot listener, set valid configuration options, and wait for\r\nthe chatbot to announce it's ready in-game.\r\nSend the chatbot a private message containing \"!calc 5 x 5\", and the\r\nBudabot listener will terminate.", "osvdbidlist": []}