CVE-2010-1938 PoC: FreeBSD OPIE implementation __opiereadrec() function single-byte stack overflow vulnerability

Source
Associated Vulnerability
Title: FreeBSD OPIE implementation __opiereadrec() function single-byte stack overflow vulnerability (CVE-2010-1938)
Description: Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Description
A simple Python script to test an off-by-one vulnerability in the OPIE library (CVE-2010-1938). This vulnerability affects certain FTP servers and may allow for Denial of Service (DoS) or arbitrary code execution.
Readme
# 🚀 CVE-2010-1938 FTP Off-by-One Exploit

---

## 📜 Description

This script targets a known vulnerability (CVE-2010-1938) in the OPIE library used by some FTP servers. By sending an overlong username, the script attempts to trigger the off-by-one stack buffer overflow in the FTP server, which can crash the daemon and potentially lead to remote code execution.
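The bug class behind this CVE, shown as an added example that is not code from this repository or from OPIE's `readrec.c`: a name is cut to N characters and then copied into an N-byte buffer, so the terminator lands one byte past it. The buffer size, struct, function names and sample names are all hypothetical, and the stack frame is simulated with a flat array so the stray write can be observed safely.

```c
#include <stdio.h>
#include <string.h>

#define USER_BUF_LEN 8  /* hypothetical size, not OPIE's constant */

/* Simulated stack frame: bytes[0..N-1] is the name buffer and bytes[N]
 * stands in for whatever sits next to it. One flat array keeps the
 * stray write observable without undefined behaviour. */
struct frame { unsigned char bytes[USER_BUF_LEN + 1]; };

/* Off-by-one pattern: input is cut to N characters, which needs N + 1
 * bytes once the terminator is counted. */
static void copy_name_buggy(struct frame *f, char *user)
{
    if (strlen(user) > USER_BUF_LEN)
        user[USER_BUF_LEN] = '\0';
    strcpy((char *)f->bytes, user);     /* NUL can land on bytes[N] */
}

/* Corrected pattern: at most N - 1 characters plus the terminator. */
static int copy_name_fixed(struct frame *f, const char *user)
{
    size_t len = strlen(user);
    if (len >= USER_BUF_LEN)
        return -1;                      /* reject overlong names */
    memcpy(f->bytes, user, len + 1);
    return 0;
}

/* Run one variant and return the byte adjacent to the buffer. */
static unsigned char neighbour_after(int use_fixed, const char *user)
{
    struct frame f;
    char input[64];
    snprintf(input, sizeof input, "%s", user);  /* mutable local copy */
    memset(f.bytes, 0, sizeof f.bytes);
    f.bytes[USER_BUF_LEN] = 0xA5;       /* marker for adjacent data */
    if (use_fixed)
        (void)copy_name_fixed(&f, input);
    else
        copy_name_buggy(&f, input);
    return f.bytes[USER_BUF_LEN];
}

int main(void)
{
    const char *names[] = { "bob", "AAAAAAAAAAAAAAAA" };  /* constructed */
    for (int i = 0; i < 2; i++)
        printf("%-16s buggy=0x%02X fixed=0x%02X\n", names[i],
               neighbour_after(0, names[i]), neighbour_after(1, names[i]));
    return 0;
}
```

In a real stack frame the byte at index N belongs to adjacent data, which is why a single stray NUL is enough to crash the daemon.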

## 💡 Features

- **Adjustable payload size** to fine-tune the exploit.
- Sends the payload in **fragments** to avoid detection and prevent immediate server crashes.
- Customizable **target IP and port** for penetration testing.

## 🚨 Disclaimer

This tool is for educational purposes only. The author is not responsible for any misuse of this script. Always obtain proper authorization before running any exploit.

---

## 🚀 Usage

1. Clone the repository:
    ```bash
    git clone https://github.com/nexxus67/cve-2010-1938.git
    cd cve-2010-1938
    ```

2. Run the exploit with Python:
    ```bash
    python3 exploit.py
    ```

3. The script will attempt to exploit the vulnerability by sending the payload to the target FTP server.

---

## ⚙️ Requirements

- Python 3.9+
- `socket` module (part of the Python standard library)

---

## 📖 How it works

1. **Connection to the target**: The script establishes a socket connection with the target FTP server.
2. **Payload delivery**: The payload is delivered in fragments to avoid overwhelming the server.
3. **Exploit trigger**: A `PASS` command is sent after the payload to trigger the off-by-one vulnerability.
4. **Feedback**: The server's response is logged to observe success or failure.

---

## 🚧 To-Do

- Add more sophisticated payload crafting.
- Implement payloads for remote code execution (RCE) based on server feedback.
- Enhance error handling and output formatting.

---

## 🛠️ Development

Contributions are welcome! Feel free to open issues or submit pull requests.

---

## 📝 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

---

⚠️ **Warning**: Unauthorized use of this script on servers you do not own or have explicit permission to test is illegal.
