CVE-2011-2523 PoC: vsftpd OS command injection vulnerability

Associated Vulnerability
Title: vsftpd OS command injection vulnerability (CVE-2011-2523)
Description: vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Readme
**README**: Exploit for vsftpd 2.3.4

This Python script is designed to exploit a backdoor vulnerability present in vsftpd version 2.3.4. The exploit grants unauthorized access to the system running this particular version of vsftpd.

**Usage**
To use this exploit script, follow these steps:

Clone Repository: Clone the repository containing the exploit script to your local machine.

Install Dependencies: Ensure that you have the required dependencies installed. This script utilizes the pwn library. You can install it using pip:

```bash
pip install pwntools
```

Run the Script: Execute the script with the IP address of the target machine as the argument. Optionally, you can also provide the port number if it's different from the default port 21.

```bash
python exploit.py <IP_ADDRESS> [PORT]
```

**Description**
This script exploits a backdoor vulnerability in vsftpd version 2.3.4. Here's how the exploit works:

Triggering Backdoor: The script connects to the vsftpd server and checks its version. If the version matches 2.3.4, it sends specially crafted USER and PASS commands to trigger the backdoor.

Obtaining Shell Access: After successfully triggering the backdoor, the script establishes a connection to the backdoor port (6200) and gains shell access to the target system.
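
A defender-side check for the behaviour described above, as an added example that is not part of the original README or exploit script: it flags FTP greetings reporting version 2.3.4 and correlates flow records for a connection to port 6200 shortly after an FTP connection to the same server. The flow record layout, the 30-second window and the sample addresses are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

BACKDOOR_PORT = 6200     # backdoor shell port from the CVE description above
FTP_PORT = 21            # default FTP port named in the README
WINDOW_SECONDS = 30      # assumed correlation window; tune per environment

class Flow(NamedTuple):  # hypothetical flow record: one new TCP connection
    ts: float            # connection start, seconds
    src: str
    dst: str
    dport: int

def banner_is_candidate(banner: str) -> bool:
    """True if an FTP greeting reports vsftpd 2.3.4 (case-insensitive)."""
    return re.search(r"\bvsftpd\s+2\.3\.4\b", banner, re.IGNORECASE) is not None

def correlate(flows, window=WINDOW_SECONDS):
    """Alert on a connection to dst:6200 that follows an FTP control
    connection to the same dst within `window` seconds."""
    last_ftp = {}        # dst -> (ts, src) of the most recent FTP connection
    alerts = []
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dport == FTP_PORT:
            last_ftp[f.dst] = (f.ts, f.src)
        elif f.dport == BACKDOOR_PORT and f.dst in last_ftp:
            ftp_ts, ftp_src = last_ftp[f.dst]
            if f.ts - ftp_ts <= window:
                alerts.append({"server": f.dst, "ftp_client": ftp_src,
                               "shell_client": f.src,
                               "delay": round(f.ts - ftp_ts, 3)})
    return alerts

# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    Flow(1000.0, "192.0.2.10", "198.51.100.5", 21),
    Flow(1002.5, "192.0.2.10", "198.51.100.5", 6200),  # follows FTP: alert
    Flow(2000.0, "192.0.2.20", "198.51.100.6", 21),
    Flow(2400.0, "192.0.2.20", "198.51.100.6", 6200),  # outside the window
    Flow(3000.0, "192.0.2.30", "198.51.100.7", 6200),  # no FTP seen first
]

if __name__ == "__main__":
    print(banner_is_candidate("220 (vsFTPd 2.3.4)"))
    for alert in correlate(SAMPLE_FLOWS):
        print(alert)
```

A version match alone only marks a candidate, since the description above limits the backdoor to copies downloaded between 20110630 and 20110703; the port 6200 correlation is the stronger signal.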

**Notes**
Target Compatibility: This exploit script specifically targets vsftpd version 2.3.4. Ensure that the target system is running this exact version for the exploit to work.

Security Implications: Using this script to exploit vulnerabilities in systems without proper authorization may be illegal and unethical. Ensure that you have appropriate permissions before using this script in any environment.

Customization: Feel free to customize the script according to your needs or extend its functionality. However, ensure that any modifications comply with applicable laws and ethical guidelines.

**Disclaimer**
This script is provided for educational and research purposes only. The author takes no responsibility for any misuse or damage caused by the use of this script. Use it at your own risk and discretion.

**Credits**
This project was developed as a part of learning. This exploit script was originally developed by [Hellsender01]. 
