ProFTPD 1.3.5 Mod_Copy Command Execution

This module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.
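
A detection example for the behaviour described above, added here and not part of the Metasploit module or the original page: it flags SITE CPFR/CPTO commands sent in a session before the server has returned a 230 login reply. The log layout, the sample lines and the function name are constructed assumptions, not ProFTPD's native log format.

```python
import re
from collections import defaultdict

# Constructed sample: "<session-id> <C|S> <FTP line>" (C = client, S = server).
# This layout is an assumption for the example, not ProFTPD's own log format.
SAMPLE_LOG = """\
s1 S 220 ready
s1 C SITE CPFR /proc/self/cmdline
s1 S 350 ready for destination
s1 C SITE CPTO /var/www/html/x.php
s1 S 250 ok
s2 S 220 ready
s2 C USER alice
s2 S 331 password required
s2 C PASS ********
s2 S 230 logged in
s2 C SITE CPFR /home/alice/a.txt
s2 S 350 ready for destination
s2 C SITE CPTO /home/alice/b.txt
s2 S 250 ok
"""

SITE_COPY = re.compile(r"^SITE\s+(CPFR|CPTO)\s+(.+)$", re.IGNORECASE)

def find_unauthenticated_copies(log_text):
    """Return mod_copy commands seen before a 230 reply in the same session."""
    authed = defaultdict(bool)  # session id -> login completed
    findings = []
    for raw in log_text.splitlines():
        parts = raw.split(" ", 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        session, direction, line = parts
        if direction == "S" and line.startswith("230"):
            authed[session] = True
        elif direction == "C":
            m = SITE_COPY.match(line.strip())
            if m and not authed[session]:
                path = m.group(2).strip()
                findings.append({
                    "session": session,
                    "verb": m.group(1).upper(),
                    "path": path,
                    "procfs": path.startswith("/proc/"),  # procfs source or target
                })
    return findings

if __name__ == "__main__":
    for f in find_unauthenticated_copies(SAMPLE_LOG):
        print(f)
```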

Module Name

exploit/unix/ftp/proftpd_modcopy_exec

Authors

  • Vadim Melihow
  • xistence <xistence [at] 0x90.nl>

Targets

  • ProFTPD 1.3.5

Platforms

  • unix

Architectures

  • cmd

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/unix/ftp/proftpd_modcopy_exec
    msf exploit(proftpd_modcopy_exec) > show targets
    ...targets...
    msf exploit(proftpd_modcopy_exec) > set TARGET <target-id>
    msf exploit(proftpd_modcopy_exec) > show options
    ...show and set options...
    msf exploit(proftpd_modcopy_exec) > exploit
