vendor:
SAMI FTP
by:
UmZ
N/A
CVSS
N/A
USER/PASS BUFFER OVERFLOW ARBITARY REMOTE CODE EXECUTION
CWE
Product Name: SAMI FTP
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 2000 SP4
2007
Exploit for SAMI FTP version 2.0.2
You can put your own shellcode to spawn a shell. After executing the exploit, you will get 'Cannot login User or password not correct.' That doesn't mean the exploit failed. Whenever you click on Sami FTP server, it will crash resulting in the execution of calc.exe and will execute whenever the SAMI FTP server restarts until it is reinstalled.
Mitigation:
Please do not use it against any system without prior permission.