Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-40524 PoC — Pure-FTPd 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2021/CVE-2021-40524.yaml
Associated Vulnerability
Title:Pure-FTPd 代码问题漏洞 (CVE-2021-40524)
Description:Pure-FTPd是一款FTP(文件传输协议)服务器。 jedisct1 Pure-FTPd 存在代码问题漏洞,该漏洞源于 Pure-FTPd 1.0.49 版本中,服务器中错误的 max_filesize 配额机制允许攻击者上传无限大小的文件,这可能导致拒绝服务或服务器挂起。发生这种情况是因为某个大于零的测试存在未预期初始值 -1。
Description
Pure-FTPd versions 1.0.23 through 1.0.49 contain an arbitrary file upload vulnerability due to max_filesize quota issue, allowing large or unbounded file uploads that can cause server hang or resource exhaustion.
File Snapshot

 id: CVE-2021-40524

info:
  name: Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload
  author: pussyc

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.