## https://sploitus.com/exploit?id=EE17E53E-C92B-5F91-BF4B-9E9511471132
# CVE-2026-42167 Master Exploit Tool
A professional security research tool for exploiting the **CVE-2026-42167** vulnerability in ProFTPD's `mod_sql` module. This tool performs unauthenticated SQL injection to exfiltrate sensitive files from the server via time-based side-channel attacks.
"Note: The efficiency of this tool depends on the PostgreSQL user's permissions and network stability."
## ๐ก๏ธ Vulnerability Overview
CVE-2026-42167 is a critical logical flaw in the `is_escaped_text()` function of ProFTPD. When `mod_sql` is configured to log `USER` commands, an attacker can bypass SQL escaping by providing an input that starts and ends with a single quote (`'`). This tool leverages this bypass to execute PostgreSQL-specific commands.
## โจ Features
- **Unauthenticated Access:** No credentials required if `USER` logging is enabled.
- **Smart File Scanning:** Automatically tests for common file extensions (.txt, .log, .cfg, etc.) to prevent false positives.
- **Automated Exfiltration:** Detects file length and extracts content character-by-character using ASCII-based timing attacks.
- **PostgreSQL Optimized:** Uses `pg_sleep()` and `pg_read_file()` for reliable exploitation.
- **No-Space Bypass:** Uses SQL comment syntax (`/**/`) to bypass space-filtering mechanisms.
## ๐ Installation
```bash
git clone https://github.com/efeanilarslan/CVE-2026-42167-Exploit
cd CVE-2026-42167-Exploit
pip install -r requirements.txt # (No external dependencies required)
```
## ๐ป Usage
### Basic Scan & Leak
```bash
python3 proftpd_master_exploit.py -t -p 2121
```
### Targeted File Leak
```bash
python3 proftpd_master_exploit.py -t -f /etc/passwd
```
### Wordlist-based Scanning
```bash
python3 proftpd_master_exploit.py -t -w common.txt -s 1.5
```
## โ๏ธ Parameters
| Flag | Description | Default |
|------|-------------|---------|
| `-t` | Target IP address | Required |
| `-p` | Target FTP port | 2121 |
| `-s` | Sleep duration for timing attack | 2.0s |
| `-w` | Wordlist for file discovery | None |
| `-f` | Specific file path to exfiltrate | None |
## โ ๏ธ Legal Disclaimer
This tool is for educational purposes and authorized security testing only. The developer is not responsible for any misuse or damage caused by this program. **Use responsibly.**