Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2011-2523 PoC — vsftpd 操作系统命令注入漏洞

Source
https://github.com/everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-
Associated Vulnerability
Title:vsftpd 操作系统命令注入漏洞 (CVE-2011-2523)
Description:vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Description
This tool exploits a well-known backdoor vulnerability found in vsFTPd version 2.3.4 (CVE-2011-2523)
Readme
# vsFTPd 2.3.4 Backdoor Exploit
Overview

This tool exploits a well-known backdoor vulnerability found in vsFTPd version 2.3.4. The vulnerability allows attackers to gain unauthorized shell access to the target system by sending specially crafted input to the FTP service. This exploit takes advantage of a malicious backdoor that was intentionally introduced in version 2.3.4, which opens a listening port (6200) after receiving a certain payload.

Note: This vulnerability is specific to version 2.3.4 of vsFTPd. Attempting to use this tool on other versions will result in failure.
____

## Vulnerability Explanation

The vulnerability arises due to a backdoor that was deliberately added to the vsFTPd 2.3.4 distribution in June 2011. When a maliciously crafted username (with a `:)` at the end) is sent to the FTP server, it triggers the backdoor, causing the server to open a shell on port 6200. Attackers can then connect to this port and gain shell access to the system.

- CVE Identifier: CVE-2011-2523
- Vulnerable Software: vsFTPd 2.3.4
- Exploitation: Remote code execution via crafted FTP commands
  
____

## Requirements
- Python 3.x
- You
____

## How to Use
1. Clone the Repository:

  ```bash
    git clone https://github.com/everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-.git
    cd vsFTPd-Backdoor-Exploit-CVE-2011-2523-
  ```

2. Run the Exploit:
   
 ```bash
  python3 exploit.py -host <target_ip> 
 ```
   
## Output Example : 

```bash
$ python3 exploit.py -host 192.168.1.10
[i] Initiating FTP backdoor exploit...
[i] Checking FTP Version on 192.168.1.10:21
[+] Target is running vsFTPd 2.3.4. Proceeding with backdoor exploit...
[i] Connecting to backdoor on 192.168.1.10:6200...
[+] Connection successful! You now have shell access.
$ whoami
root
$ exit
```
____

# Why This Vulnerability Exists

The vulnerability in vsFTPd 2.3.4 was introduced by an unknown attacker who uploaded a modified version of the source code to the official vsFTPd download server. This backdoored version was available for a short time before it was detected and removed. However, any system that installed vsFTPd during that period is vulnerable if they are still running version 2.3.4.

## Disclaimer

This tool is intended for educational purposes only. The misuse of this tool could cause damage to systems and networks. Only use it on systems you have permission to test. The author assumes no liability for any misuse or damage caused by this tool.
File Snapshot

 [4.0K]  /data/pocs/c251401b5632bf57b6acb6ff052de0b4b507ebc3
├── [1.9K]  exploit.py
└── [2.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →