module
ProFTPD 1.3.5 Mod_Copy Command Execution
| Disclosed | Created |
|---|---|
| 2015-04-22 | 2018-05-30 |
Disclosed
2015-04-22
Created
2018-05-30
Description
This module exploits the SITE CPFR/CPTO mod_copy commands in ProFTPD version 1.3.5.
Any unauthenticated client can leverage these commands to copy files from any
part of the filesystem to a chosen destination. The copy commands are executed with
the rights of the ProFTPD service, which by default runs under the privileges of the
'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website
directory, PHP remote code execution is made possible.
Any unauthenticated client can leverage these commands to copy files from any
part of the filesystem to a chosen destination. The copy commands are executed with
the rights of the ProFTPD service, which by default runs under the privileges of the
'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website
directory, PHP remote code execution is made possible.
Authors
Vadim Melihow
xistence xistence@0x90.nl
xistence xistence@0x90.nl
Platform
Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.