Skip to content

Zeop-CyberSec/cloudme_sync2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
pictures
pictures
 
 
README.md
README.md
 
 
cloudme_sync2.md
cloudme_sync2.md
 
 
cloudme_sync2.rb
cloudme_sync2.rb
 
 

Repository files navigation

Description

This module exploits a buffer overflow vulnerability found in CloudMe Sync v1.11.2.

Vulnerable Application

An issue was discovered in CloudMe 1.11.2. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.

Verification Steps

  1. Install CloudMe for Desktop version v1.11.2
  2. Start the applicaton (you don't need to create an account)
  3. Start msfconsole
  4. Do use exploit/windows/misc/cloudme_sync2
  5. Do set RHOST ip
  6. Do set LHOST ip
  7. Do exploit
  8. Verify the Meterpreter session is opened

alt text

alt text

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Languages