Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote malicious users to execute arbitrary code via a long STOR command.
This module exploits a stack-based buffer overflow in Ability Server 2.34. Ability Server fails to check input size when parsing 'STOR' and 'APPE' commands, which leads to a stack-based buffer overflow. This plugin uses the 'STOR' command. The vulnerability has been confirmed on version 2.34 and has also been reported in versions 2.25 and 2.32. Other versions may also be affected.
msf > use exploit/windows/ftp/ability_server_stor
msf exploit(ability_server_stor) > show targets
    ...targets...
msf exploit(ability_server_stor) > set TARGET <target-id>
msf exploit(ability_server_stor) > show options
    ...show and set options...
msf exploit(ability_server_stor) > exploit
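The missing input-size check described above, as an added example that is not Ability Server's code or part of the Metasploit module: a C parser for 'STOR' and 'APPE' lines that rejects a path argument that does not fit its destination buffer instead of copying it. The function names, status codes, buffer size and sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256  /* assumed destination size for this sketch */

enum ftp_status { FTP_OK, FTP_NOT_UPLOAD, FTP_ARG_MISSING, FTP_ARG_TOO_LONG };

/* Case-insensitive match of a 4-letter verb followed by a space or line end. */
static int verb_is(const char *line, const char *verb)
{
    for (size_t i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 0;  /* an early NUL mismatches too, so there is no over-read */
    return line[4] == ' ' || line[4] == '\r' || line[4] == '\n' || line[4] == '\0';
}

/* Copy the path argument of a STOR/APPE line into out[out_size].
 * An argument that does not fit is rejected, never truncated or copied. */
enum ftp_status parse_upload_path(const char *line, char *out, size_t out_size)
{
    if (out_size == 0)
        return FTP_ARG_TOO_LONG;
    out[0] = '\0';
    if (!verb_is(line, "STOR") && !verb_is(line, "APPE"))
        return FTP_NOT_UPLOAD;

    const char *arg = line + 4;
    while (*arg == ' ')
        arg++;
    size_t len = strcspn(arg, "\r\n");  /* argument ends at CR or LF */
    if (len == 0)
        return FTP_ARG_MISSING;
    if (len >= out_size)                /* the input-size check */
        return FTP_ARG_TOO_LONG;
    memcpy(out, arg, len);
    out[len] = '\0';
    return FTP_OK;
}

int main(void)
{
    char path[PATH_BUF];
    char big[1200] = "APPE ";           /* constructed oversized request */
    memset(big + 5, 'A', 1000);         /* remaining bytes stay NUL */
    printf("%d\n", (int)parse_upload_path("STOR report.txt\r\n", path, sizeof path));
    printf("%d\n", (int)parse_upload_path(big, path, sizeof path));
    return 0;
}
```

A server using a check like this would answer an oversized argument with an error reply and log the request length, which also gives defenders a signal to alert on.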
CVE-in-Ruby
It's a repository to import public exploits to be written in Ruby without Metasploit complication

Why not Metasploit?
- To educate people how to write exploits using Ruby
- To write exploits for CVEs that don't have an exploit in a simple way
- To avoid Metasploit complications
- But we still LOVE Metasploit
- To list a common exploit that we face in PT that may or