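POC details: 416fa8802cf1960377dbdb9e50b2b443844d8c09

Source
Related vulnerability
Title: FreeBSD OPIE implementation __opiereadrec() function one-byte stack overflow vulnerability (CVE-2010-1938)
Description: FreeBSD is a freely usable, open-source Unix-like system that runs on Intel platforms. The opiereadrec() function in readrec.c of the OPIE authentication system used by FreeBSD contains a one-byte stack overflow. When stack protection is enabled, an attacker can remotely crash service processes that use OPIE.
Description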
A simple Python script to test an off-by-one vulnerability in the OPIE library (CVE-2010-1938). This vulnerability affects certain FTP servers and may allow for Denial of Service (DoS) or arbitrary code execution.
Introduction
# 🚀 CVE-2010-1938 FTP Off-by-One Exploit

A simple Python script to test an off-by-one vulnerability in the OPIE library (CVE-2010-1938). This vulnerability affects certain FTP servers and may allow for Denial of Service (DoS) or arbitrary code execution.

---

## 📜 Description

This script targets a known vulnerability (CVE-2010-1938) in the OPIE library used in some FTP servers. By sending a specially crafted username, the script attempts to cause a stack overflow in the FTP server, potentially leading to remote code execution.

## 💡 Features

- **Adjustable payload size** to fine-tune the exploit.
- Sends the payload in **fragments** to avoid detection and prevent immediate server crashes.
- Customizable **target IP and port** for penetration testing.

## 🚨 Disclaimer

This tool is for educational purposes only. The author is not responsible for any misuse of this script. Always obtain proper authorization before running any exploit.

---

## 🚀 Usage

1. Clone the repository:
    ```bash
    git clone https://github.com/nexxus67/cve-2010-1938.git
    cd cve-2010-1938
    ```

2. Run the exploit with Python:
    ```bash
    python3 exploit.py
    ```

3. The script will attempt to exploit the vulnerability by sending the payload to the target FTP server.

---

## ⚙️ Requirements

- Python 3.9+
- `socket` module (part of the Python standard library)

---

## 📖 How it works

1. **Connection to the target**: The script establishes a socket connection with the target FTP server.
2. **Payload delivery**: The payload is delivered in fragments to avoid overwhelming the server.
3. **Exploit trigger**: A `PASS` command is sent after the payload to trigger the off-by-one vulnerability.
4. **Feedback**: The server's response is logged to observe success or failure.
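
A defender-side view of the fragmented delivery in step 2, as an added example that is not part of the original repository: a control-channel inspector that reassembles segments before checking the `USER` argument, so a username split across small writes is still measured as a whole. `FtpUserInspector`, `inspect_session`, both limits and the sample sessions are assumptions constructed for illustration.

```python
MAX_USER_LEN = 32   # assumed site policy limit, not a value from the page
MAX_LINE_LEN = 512  # assumed cap on unterminated control-channel data


class FtpUserInspector:
    """Reassembles client-to-server FTP control data and checks USER lines."""

    def __init__(self):
        self.buf = b""
        self.alerts = []

    def feed(self, segment: bytes):
        """Add one TCP segment payload; return the alerts it produced."""
        new = []
        self.buf += segment
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            verb, _, arg = line.rstrip(b"\r").partition(b" ")
            if verb.upper() == b"USER" and len(arg) > MAX_USER_LEN:
                new.append(("long-username", len(arg)))
        # A line that never terminates is reported too, then discarded.
        if len(self.buf) > MAX_LINE_LEN:
            new.append(("oversized-unterminated-line", len(self.buf)))
            self.buf = b""
        self.alerts.extend(new)
        return new


def inspect_session(segments):
    """Run every segment of one session through a fresh inspector."""
    insp = FtpUserInspector()
    for seg in segments:
        insp.feed(seg)
    return insp.alerts


# Constructed sample sessions (not captured traffic).
NORMAL = [b"USER alice\r\n", b"PASS secret\r\n"]
FRAGMENTED = [b"USER ", b"A" * 20, b"A" * 20, b"\r\n", b"PASS x\r\n"]

if __name__ == "__main__":
    print(inspect_session(NORMAL))
    print(inspect_session(FRAGMENTED))
```

No single segment in `FRAGMENTED` exceeds the limit, which is why a per-packet length check would miss it while the reassembled line is flagged.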

---

## 🚧 To-Do

- Add more sophisticated payload crafting.
- Implement payloads for remote code execution (RCE) based on server feedback.
- Enhance error handling and output formatting.

---

## 🛠️ Development

Contributions are welcome! Feel free to open issues or submit pull requests.

---

## 📝 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

---

⚠️ **Warning**: Unauthorized use of this script on servers you do not own or have explicit permission to test is illegal.

File snapshot

[4.0K] /data/pocs/416fa8802cf1960377dbdb9e50b2b443844d8c09
├── [1.5K] exploit.py
└── [2.5K] README.md

0 directories, 2 files