Budabot 4.0 Denial Of Service

2018.11.17
Credit: Ryan Delaney
Risk: Low
Local: Yes
Remote: No
CWE: CWE-78


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Budabot !calc Denial of Service
# Date: 15-10-2018
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney@owasp.org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: http://budabot.com/
# Software Link: https://github.com/Budabot/Budabot/releases
# Version: 0.6 -> 4.0
# Tested on: 4.0
# CVE: CVE-2018-19290

1. Description

In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code.

2. Proof of Concept

Start the Budabot listener, set valid configuration options, and wait for the chatbot to announce it's ready in-game. Send the chatbot a private message containing "!calc 5 x 5", and the Budabot listener will terminate.

3. Solution

Edit the relevant file to remove "x" and " " (space) from the strspn() mask.
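To make the strspn() mask check and the fix concrete, here is an added illustration that is not Budabot's own code: the two mask strings and the helper names are assumptions modelling what the advisory describes (a permissive mask that admits "x" and a space, and the narrowed one from the Solution), and the eval() wrapper shows why an expression that survives the mask still needs defensive evaluation.

```php
<?php
// Added example, not Budabot's code. The masks are assumptions that model the
// advisory: the weak mask admits "x" and " ", the fixed one does not.
const WEAK_MASK  = "0123456789.+-*/() x";
const FIXED_MASK = "0123456789.+-*/()";

// strspn() returns the length of the leading run of characters that are all
// in $mask; the input is accepted only if that run covers the whole string.
function passesMask(string $expr, string $mask): bool
{
    return strlen($expr) === strspn($expr, $mask);
}

// Defensive evaluation. A mask-approved string can still be something the PHP
// parser rejects (e.g. "5 x 5" under the weak mask). In PHP 7+, eval() on such
// input throws ParseError; left uncaught in a long-running daemon, that is a
// process termination, i.e. the denial of service the advisory reports.
// Catching Throwable turns the crash into an error reply to the user.
function safeCalc(string $expr, string $mask): string
{
    if (!passesMask($expr, $mask)) {
        return "rejected: expression contains disallowed characters";
    }
    try {
        $result = eval("return " . $expr . ";");
    } catch (Throwable $e) {
        // ParseError, DivisionByZeroError, etc. are all caught here.
        return "error: expression could not be evaluated";
    }
    return "result: " . $result;
}

// The advisory's proof-of-concept input, checked against both masks.
$input = "5 x 5";
// "x" and " " are in the weak mask, so the string reaches eval() and is
// rejected only by the parser.
echo "weak mask : ", safeCalc($input, WEAK_MASK), PHP_EOL;
// With the narrowed mask, strspn() stops at the first space and the input
// never reaches eval().
echo "fixed mask: ", safeCalc($input, FIXED_MASK), PHP_EOL;
// A well-formed arithmetic expression still evaluates normally.
echo "fixed mask: ", safeCalc("5*5", FIXED_MASK), PHP_EOL;
```

Catching Throwable keeps the daemon alive but is a backstop, not a substitute for the narrowed mask: the allow-list is what keeps unexpected syntax out of eval() in the first place.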


Copyright 2024, cxsecurity.com