CVE-2020-9470 PoC — Wing FTP Server 安全漏洞

Source

https://github.com/Al1ex/CVE-2020-9470

Associated Vulnerability

Title:Wing FTP Server 安全漏洞 (CVE-2020-9470)
Description:Wing FTP Server是一套跨平台的FTP服务器软件。 Wing FTP Server 6.2.5版本（2020月2日之前）中存在安全漏洞。本地攻击者可利用该漏洞查看会话内容及session_admin路径。

Description

Wing FTP Server 6.2.5 - Privilege Escalation

Readme

## What's this
Wing FTP Server 6.2.5 - Privilege Escalation

## Introduction
A weakness in the handling of HTTP sessions within Wing FTP Server allows any local user to escalate privileges to root on Linux, MacOS, and Solaris. Exploitation is contingent on an already-established administrative session. It should be noted that version 6.2.5 was released on Februrary 27th, 2020, however, this bug was identified, reported, and patched on Februrary 28th, 2020. Therefore, some installations of Wing FTP Server showing version 6.2.5 may be vulnerable, while some may not be vulnerable.

## How to use
./CVE-2020-9470.sh

![exploit](image/exploit.png)

File Snapshot


 [4.0K]  /data/pocs/73d351e5f5d5ba382a083a4cdaba85b78de543d1
├── [4.4K]  CVE-2020-9470.sh
├── [4.0K]  image
│   └── [ 58K]  exploit.png
└── [ 660]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!