Ftpgetter professional 5.97.0.223 denial of service (poc) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-01-06 |
Type : dos |
Platform : windows
This exploit / vulnerability Ftpgetter professional 5.97.0.223 denial of service (poc) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
# Google Dork: N/A
# Date: 2020-01-03
# Exploit Author: FULLSHADE
# Vendor Homepage: https://www.ftpgetter.com/
# Software Link: https://www.ftpgetter.com/ftpgetter_pro_setup.exe
# Version: v.5.97.0.223
# Tested on: Windows 7
# CVE : N/A
==================================================================
THE BUG : NULL pointer dereference -> DOS crash
==================================================================
The FTPGetter Professional v.5.97.0.223 FTP client suffers from a
NULL pointer dereference vulnerability via the program not properly
handling user input when setting the field "Run program" under
profile properties, it triggers when executing the profile.
(b84.e88): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0255d3a0 ecx=04000000 edx=00000030 esi=00000000 edi=00000001
eip=00855994 esp=0012fbd0 ebp=0012fc6c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for FTPGetter.exe -
FTPGetter!Xtermforminitialization$qqrv+0x202d74:
00855994 8b5004 mov edx,dword ptr [eax+4] ds:0023:00000004=????????
eax=04e8fc78 ebx=004db6b4 ecx=0000000a edx=41414141 esi=02871ae0 edi=00000000
eip=004db97a esp=04e8fc74 ebp=04e8fec0 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010216
REDftp!GetFTPValidationW+0x6e842:
004db97a 837a5400 cmp dword ptr [edx+54h],0 ds:0023:41414195=????????
==================================================================
CVE-2020-5183 is a NULL pointer dereference vulnerability
==================================================================
Ftpgetter professional 5.97.0.223 denial of service (poc)