Skip to content
Branch: master
Find file History
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
modules Initial public commit Oct 5, 2018
samples Initial public commit Oct 5, 2018
src Clean up of winbox parser logic for handling long message padding Oct 15, 2018
CMakeLists.txt Initial public commit Oct 5, 2018
README.md Initial public commit Oct 5, 2018

README.md

CVE-2018-1157

An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. When testing our proof of concept on an x86 RouterOS VM, Tenable discovered that this vulnerability didn't just crash www but caused the whole system to reboot.

Compilation

This code was tested on Ubuntu 18.04. There is a dependency on boost and cmake. Simply install them like so:

sudo apt install libboost-dev cmake

To compile simply do the following:

cd winbox_pcap_parser
mkdir build
cd build
cmake ..
You can’t perform that action at this time.