CVE-2011-2523 PoC — vsftpd 操作系统命令注入漏洞

Source

https://github.com/BolivarJ/CVE-2011-2523

Associated Vulnerability

Title:vsftpd 操作系统命令注入漏洞 (CVE-2011-2523)
Description:vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

Description

Python exploit for vsftpd 2.3.4 - Backdoor Command Execution

Readme

# CVE-2011-2523 — vsFTPd 2.3.4 Backdoor Exploit

This repository contains a Python-based exploit targeting a **maliciously backdoored** version of `vsFTPd 2.3.4`. Unlike traditional vulnerabilities, this backdoor was introduced by an unauthorized modification of the official binary hosted on the vsFTPd site in 2011.

## 🧠 Vulnerability Overview

- The compromised binary listens on port **6200** after receiving a specially crafted username.
- Triggering the backdoor spawns a remote shell with **root privileges**.
- The exploit is only effective against the **backdoored binary**, not against legitimate versions of vsFTPd.

## ⚙️ Requirements

Ensure the following dependencies are installed:

```bash
sudo apt update
sudo apt install python3
```
## 📦 Installation

```bash
git clone https://github.com/BolivarJ/CVE-2011-2523.git
cd CVE-2011-2523
chmod +x exploit.py
```

## 🚀 Usage

```bash
python3 exploit.py <TARGET_IP>
```
<img width="597" height="164" alt="image" src="https://github.com/user-attachments/assets/6747ea25-7bcc-4e54-bdaa-a9dccb6ce09c" />

## 📚 References
- [CVE-2011-2523](https://www.exploit-db.com/exploits/49757)
- [Original vsFTP advisory](https://security.appspot.com/vsftpd.html)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!