Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2020-8635 PoC — Wing FTP Server 安全漏洞

Source
https://github.com/Al1ex/CVE-2020-8635
Associated Vulnerability
Title:Wing FTP Server 安全漏洞 (CVE-2020-8635)
Description:Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.
Description
Wing FTP Server 6.2.3 - Privilege Escalation
Readme
### What's this
Wing FTP Server 6.2.3 - Privilege Escalation

### Exploit

##### Introduction
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.

##### Tested on
Ubuntu 18.04, Kali Linux 4, MacOS Catalina, Solaris 11.4 (x86)

##### Exploit
~~~
python3 cve-2020-8635.py -t 192.168.0.2:2222 -u lowleveluser -p demo 
~~~
![](image/wftpsploit.jpg)
File Snapshot

 [4.0K]  /data/pocs/7007581d5b0a06c32ed3050ab4a50baa223b6f08
├── [ 14K]  CVE-2020-8635.py
├── [4.0K]  image
│   └── [ 79K]  wftpsploit.jpg
└── [ 598]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →