ProFTPd version 1.3.5 remote command execution exploit. This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN.
36d3e6266ecfe1baa5561af1301eeadc1a956f587f58731fbeed05f16dec3a89
This Metasploit module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.
6b1b6947386e30749005cc4bbf96249cdc5ee569e7eb6a39db9bbb3306f97451
Debian Linux Security Advisory 3263-1 - Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.
ac6dcf2b8a50d76523a286978d647d532f4c498be4105ebfdf07388d03782759
Slackware Security Advisory - New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
97da8a8f846347404ac0427633ddc66222c5b7357000fbdadd6e7a16f4c38fa8
ProFTPd CPFR / CPTO proof of concept exploit.
3a2aa92d9c4f7980f410f8313494e891bbb9e807a8b13f39e584580f72f7eef6
ProFTPd version 1.3.5 remote command execution exploit.
33b411f75e9e92f4cce90334c9d86dca66a06474776854a23ec5f542a52da3b9
ProFTPd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands allow these commands to be used by unauthenticated clients.
906b064525d55e5b1133812165abc4af404b78a47f8824d1d53e9802f8d546ff