![]() ![]() When supplying a specially crafted HTTP POST request. # Vendor Homepage: # Software Link: # Version: " % sys.argv) print("Example: %s 0.0.0.0 8000 127.0.0.1 9001 notcos coolpass" % sys.argv) exit(1) else: target = sys.argv targetport = sys.argv localip = sys.argv localport = sys.argv user = sys.argv password = sys.argv print('''. Exploit Windows PC using Wing FTP Server Authenticated Command Execution. No fix for authenticated RCE at this time.Change Mirror Download # Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated) # Date: # Exploit Author: notcos # Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. ![]() Requests a week delay before public disclosure.ĬSRF attack vector fixed in version 4.4.7. Vulnerability confirmed and new version 4.4.7 released. Vendor requests clarification on impact and various attack scenarios. Vendor responds with requests for details of vulnerabilities. :5466/admin_lua_script.html" method="POST" enctype="text/plain">ġ) Either utilising the LUA Console interface directly and using the os.execute('') method.Ģ) POST directly using CURL with an authenticated cookie:Ĭurl -i -s -k -X 'POST' -b 'admin_lang=english UIDADMIN=b8b208e2239f462c11641eaa10cde7b0' -data-binary $'command=os.execute(\'cmd.exe\')'Īny OS command can be inserted into the os.execute('') method. The attack leverages the LUA CLI to inject commands at the same privilege as the web server. The RCE can be exploited in two scenarios, either by a CSRF attack (the admin interface is vulnerable to CSRF attacks) or by being authenticated to the admin interface. The admin interface of Wing FTP Server is vulnerable to a Remote Code Execution (RCE) vulnerability. It comes with both device and FTP file browser. It can manage several FTP configurations. When supplying a specially crafted HTTP POST request an attacker can use os.execute () to execute arbitrary system commands on the. This module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. AndFTP (your FTP client) is FREE to download. Exploit Windows PC using Wing FTP Server Authenticated Command Execution. You can also monitor server performance and online sessions and even receive email notifications about various events taking place on the server." (2) Vulnerability Details: AndFTP (your FTP client) has an APK download size of 5.07 MB and the latest version available is 6.4. And it provides admins with a web based interface to administrate the server from anywhere. But, this mount failed after a server reboot. In his server, he had a mounted file system. It supports a number of file transfer protocols, including FTP, HTTP, FTPS, HTTPS and SFTP server, giving your end-users flexibility in how they connect to the server. For instance, recently a customer complained about the problems accessing files via FTP. ![]() "Wing FTP Server is an easy-to-use, secure and feature-rich enterprise FTP Server that can be used in Windows, Linux, Mac OSX and Solaris. Vulnerability Type: Improper Control of Generation of Code Īdvisory Details: (1) Vendor & Product Description Vulnerable Versions: 4.4.6 and all previous versions Exploit Title: Wing FTP Server Remote Code Execution vulnerability
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |