CVE-2018-7449 PoC — SEGGER embOS/IP FTP Server Security Vulnerability

Source
Associated Vulnerability
Title: SEGGER embOS/IP FTP Server Security Vulnerability (CVE-2018-7449)
Description: SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
Description
simple Python exploit using CVE-2018-7449 on embOS/IP FTP Server v3.22
Readme
<h1 align = "center"> CVE-2018-7449</h1>
<img src="img/banner.png" >



## 1. Introduction

My tool is written in Python and exploits the CVE-2018-7449 vulnerability by executing a series of commands that crash the FTP daemon.
<pre>
	<b> *** DISCLAIMER!!! ***</b>
	Please note that the use of hacking tools without authorization is illegal and 
	could result in legal problems. Therefore, it is important to use this tool
	only for testing purposes on systems where you have permission to act.
</pre>
## 2. Conditions to exploit this vulnerability

- Firewall disabled or compromised

- The attacker must know the username and password of an FTP account

- FTP passwords travel unencrypted and could be sniffed
  
## 3. Usage help
<img src="img/screenHelper.png" >  

## 4. Source from which I took inspiration:

[SEGGER embOS/IP FTP Server 3.22 - Denial of Service - Windows dos Exploit](https://www.exploit-db.com/exploits/44221)
File Snapshot

[4.0K] /data/pocs/ab48aa76d49b459a7968c0b1d6c86fc132a586b9
├── [1.2K] exploitFTPModule.py
├── [4.0K] img
│   ├── [ 63K] banner.png
│   └── [106K] screenHelper.png
├── [ 34K] LICENSE
├── [ 933] README.md
└── [2.3K] run-exploit.py

1 directory, 6 files