CVE-2021-35211 PoC — SolarWinds Serv-U FTP Server 缓冲区错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2021/CVE-2021-35211.yaml

Associated Vulnerability

Title:SolarWinds Serv-U FTP Server 缓冲区错误漏洞 (CVE-2021-35211)
Description:SolarWinds Serv-U FTP Server是美国SolarWinds公司的一套FTP和MFT文件传输软件。 SolarWinds Serv-U FTP Server 存在缓冲区错误漏洞，该漏洞源于边界错误而存在漏洞。攻击者可利用该漏洞向server - u服务器发送专门设计的请求，触发内存损坏并在目标系统上执行任意代码。

Description

SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 contain a remote memory escape caused remote code execution vulnerability, letting attackers gain privileged access, exploit requires remote attacker to send crafted memory operations.

File Snapshot


 id: CVE-2021-35211

info:
  name: SolarWinds Serv-U FTP - Remote Code Execution
  author: pussycat0x

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!