CVE-2017-5359

HIGH

EasyCom SQL iPlug - Denial of Service via D$EVAL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5359. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in SQL iPlug by sending an overly long string via HTTP requests to the 'D$EVAL' parameter on port 7078. The PoC floods the target with multiple connections, each sending a large payload to crash the service.

Description

EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textdoswindows

https://www.exploit-db.com/exploits/41426

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in SQL iPlug by sending an overly long string via HTTP requests to the 'D$EVAL' parameter on port 7078. The PoC floods the target with multiple connections, each sending a large payload to crash the service.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: SQL iPlug (EasycomPHP_4.0029.iC8im2.exe)

No auth needed

Prerequisites: Network access to the target on port 7078

MITRE ATT&CK