CVE-2019-18655 PoC — File Sharing Wizard 缓冲区错误漏洞

Source

https://github.com/0xhuesca/CVE-2019-18655

Associated Vulnerability

Title:File Sharing Wizard 缓冲区错误漏洞 (CVE-2019-18655)
Description:File Sharing Wizard是一套文件共享传输软件。 File Sharing Wizard 1.5.0 build 2008版本中存在缓冲区错误漏洞。攻击者可通过发送带有恶意payload的HTTP GET请求利用该漏洞执行命令并获取shell。

Description

CVE-2019-18655 metasploit module. SEH based buffer overflow in file sharing wizard app v.1.5.0.

Readme


CVE-2019-18655 metasploit module. SEH based buffer overflow in file sharing wizard app v.1.5.0.

CVE summary: 

File Sharing Wizard version 1.5.0 is affected of Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL, a similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331. 

Software Version: File Sharing Wizard version 1.5.0 build 2008 

Tested OS versions: 
Microsoft Windows Vista Ultimate 6.0.6002 Service Pack 2 Build 6002 
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601 

Product URL: https://file-sharing-wizard.soft112.com/ 

CVE-ID: CVE-2019-18655 

Exploitation details: https://www.0xhuesca.com/2019/11/cve-2019-18655.html

File Snapshot


 [4.0K]  /data/pocs/f387fbc6a23cc93552c14e974d08f038bd155200
├── [3.2K]  filesharing_wizard_get_bof.rb
└── [ 857]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!