File Name: easyftp_list.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack-based buffer overflow. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability. After version 1.7.0.12, this package was renamed "UplusFtp". Due to limited space, as well as difficulties using an egghunter, the use of staged, ORD, and/or shell payloads is recommended.
Author: ThE g0bL!N, jduck
Homepage: http://www.metasploit.com
File Size: 3667
Related OSVDB(s): 66614
Last Modified: Jul 27 19:11:13 2010
MD5 Checksum: e8e1ba35a15a4cce0d46cd0b3dd34996