nuclei-templates/network/vsftpd-detection.yaml

id: vsftpd-detection

info:
  name: VSFTPD 2.3.4 - Backdoor Command Execution
  author: pussycat0x
  severity: critical
  description: VSFTPD 2.3.4 contains a backdoor command execution vulnerability.
  reference:
    - https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cwe-id: CWE-78
  remediation: This backdoor was removed on July 3rd, 2011.
  tags: network,vsftpd,ftp,backdoor

network:
  - inputs:
      - data: "USER anonymous\r\nPASS anonymous\r\n"

    host:
      - "{{Host}}:21"
      - "{{Hostname}}"

    matchers:
      - type: word
        words:
          - "vsFTPd 2.3.4"

# Enhanced by mp on 2022/05/23