| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Nov 2018 10:26:29 -0600 From: Ryan Delaney <ryan.delaney@...sp.org> To: fulldisclosure@...lists.org Subject: [FD] Budabot !calc Denial of Service <!-- # Exploit Title: Budabot !calc Denial of Service # Date: 15-10-2018 # Exploit Author: Ryan Delaney # Author Contact: ryan.delaney@...sp.org # Author LinkedIn: https://www.linkedin.com/in/infosecrd/ # Vendor Homepage: http://budabot.com/ # Software Link: https://github.com/Budabot/Budabot/releases # Version: 0.6 -> 4.0 # Tested on: 4.0 # CVE: CVE-2018-19290 1. Description In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code. 2. Proof of Concept Start the Budabot listener, set valid configuration options, and wait for the chatbot to announce it's ready in-game. Send the chatbot a private message containing "!calc 5 x 5", and the Budabot listener will terminate. 3. Solution Edit the relevant file to remove "x" and " " (space) from the strspn() mask. --> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists