Title: Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated) EDB-ID: 50720 CVE: N/A Author: NOTCOS Type: Remote Platform: Windows Date: 2022-02-08 Vulnerable App: Wing FTP Server Version: <=4.3.8 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download/WingFtpServer.exe Exploit Details: Language: Python Description: This exploit targets Wing FTP Server versions up to 4.3.8 and allows authenticated remote code execution. Steps: - Imports necessary libraries (requests, sys, base64, urllib.parse). - Uses provided username and password to authenticate. - Sends a POST request to log in and save the cookie. - Encodes a reverse shell payload in Base64 and sends it to the target. - Executes the payload through a PowerShell command.