Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2011-2523 PoC — vsftpd 操作系统命令注入漏洞

Source
https://github.com/Tenor-Z/SmileySploit
Associated Vulnerability
Title:vsftpd 操作系统命令注入漏洞 (CVE-2011-2523)
Description:vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Description
A basic script that exploits CVE-2011-2523
Readme
# SmileySploit
A basic script that exploits CVE-2011-2523

# Overview
In 2011, an integrated backdoor was found on vsFTPd servers running version 2.3.4, in which using a smiley emoticon ":)" triggers a reverse connection to an attacker. With this, it is extremely easy to create an exploit script and gain access to a system vulnerable to this flaw. By using said emoticon during authentication, the backdoor is triggered, and the attacker can then connect to the shell on port 6200.

# How To Run
Just run Python with the exploit.py file. Make sure Pwntools is installed first using Pip.
File Snapshot

 [4.0K]  /data/pocs/4533cea25428d7854fea5176f7113d29de83d5d2
├── [2.5K]  exploit.py
├── [ 34K]  LICENSE
└── [ 589]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →