CVE-2023-39063 PoC — RaidenFTPD 安全漏洞

Source

https://github.com/AndreGNogueira/CVE-2023-39063

Associated Vulnerability

Title:RaidenFTPD 安全漏洞 (CVE-2023-39063)
Description:RaidenFTPD是一个易于使用的 Windows FTP 守护程序。 RaidenFTPD 2.4.4005版本存在安全漏洞，该漏洞源于存在缓冲区溢出漏洞。攻击者可利用该漏洞通过分步设置向导的Server name字段执行任意代码。

Description

POC of the CVE-2023-39063

Readme

# CVE-2023-39063
This repository contains an exploit for the vulnerability CVE-2023-39063 found in the RaidenFTPD v2.4.4005 software. The exploit has been created to work with Python 3.

# Exploit Details
Python 3 code to exploit a SEH based Buffer Overflow vulnerability in RaidenFTPD v.2.4.4005. This vulnerability allows a local attacker to execute arbitrary code via the Server name field of the step by step setup wizard.

## Exploit Usage
1. Open RaidenFTPD
2. Click on `Setup` -> `Step by step setup wizard`
3. Run python code: `python3 exploit-cve-2023-39063.py`
4. Paste the content of exploit-raiden.txt into the field `Server name`
5. Click `next` -> `next` -> `ok`
6. Pop calc.exe

## Exploit Demonstration
https://github.com/AndreGNogueira/CVE-2023-39063/assets/36996899/3dd69196-6971-4cb4-837c-ef4ff373db7b

## Disclaimer
This exploit script is provided for educational purposes only. The authors do not promote or endorse any unauthorized use or exploitation of vulnerabilities. The responsibility for any illegal or unethical use of this script lies solely with the user.

File Snapshot


 [4.0K]  /data/pocs/c5120bbc7e66342fe94a12a364a260491de5e472
├── [2.4K]  exploit-cve-2023-39063.py
├── [1.0K]  LICENSE
└── [1.1K]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!