Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2020-9273 PoC — ProFTPD 资源管理错误漏洞

Source
https://github.com/ptef/CVE-2020-9273
Associated Vulnerability
Title:ProFTPD 资源管理错误漏洞 (CVE-2020-9273)
Description:In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
Description
Analysis and exploitation of an use-after-free in ProFTPd
Readme
# CVE-2020-9273

These are the files I created during analysis and exploitaion of [CVE-2020-9273](https://nvd.nist.gov/vuln/detail/CVE-2020-9273) - a heap use-after-free in [ProFTPd](http://www.proftpd.org/).

Take a look at the exploit video [here](https://twitter.com/DUKPT_/status/1344481049934348288).

Description about the files in this repo:

**poc-not-really-v4.c** - an article and poc I wrote last year (oct/2020), read to understand the exploitation path;

**exploit_demo.c** - demo exploit released, with hardcoded addresses, dated from last year too;

**exploit_proftpd.c** - reliable exploit, for localhost testing, finished on 16/08/2021.

Please feel free to DM me if you have questions or comments.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →