Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2019-19943 PoC — Pablo Quick’n Easy Web Server 资源管理错误漏洞

Source
https://github.com/5l1v3r1/CVE-2019-19943
Associated Vulnerability
Title:Pablo Quick’n Easy Web Server 资源管理错误漏洞 (CVE-2019-19943)
Description:The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.
Description
Remote Unauthenticated Heap Memory Corruption in Quick N' Easy Web Server <= 3.3.8
Readme
# CVE-2019-19943
Remote Unauthenticated Heap Memory Corruption in Quick N' Easy Web Server &lt;= 3.3.8

This exploit is also available on Exploit-DB: [Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)](https://www.exploit-db.com/exploits/48111)

## Before

![screenshot](/assets/before.PNG)

## After

![screenshot](/assets/after.PNG)

# Timeline

- December 13, 2019 - Discovered Issue
- December 14, 2019 - Contacted Mitre
- December 22, 2019 - CVE-2019-19943 assigned
- December 23, 2019 - Contacted Vendor (no response)
- January 18, 2020 - Contacted Vendor (no response)
- February 22, 2020 - Disclosed
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →