Description:
The vulnerability lies in 'UserID': no character limit is enforced. The original shellcode executes 'calc.exe' on the target machine; using a ps1encode sct (Windows Scriptlet) payload, we can get a shell, as shown in this PoC.
Title: Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
CVE Number: CVE-2018-9059
Type: Remote
Vulnerable Application: Easy File Sharing Web Server v7.2
Tested on: Windows 7 Enterprise Edition (SP1)
Attacker Machine: Kali Linux 2018.2
Video POC