In the remote management panel there is a console written in the Lua language, which can be exploited to execute commands in the operating system through Lua's native os.execute() function.

Below is a remote command execution PoC through the Lua console to obtain a reverse shell on the target machine.

The C:\Program Files (x86)Wing FTP Server_ADMINISTRATOR\admins.xml file stores the admin credentials, saving the password as an MD5 hash, which can be easily cracked, as shown in the image below.

When accessing the Wing FTP Server remote management panel, the credentials are transmitted in clear, as shown in the image below.

Another vulnerability found is the unprotected storage of the application's admin credentials.

You can also monitor server performance and online sessions and even receive email notifications about various events taking place on the server.

Fixed a bug - Fixed an XSS vulnerability for the web link download.

Improvement - Added a new tab 'Users' for the group to show the user members.

Wing FTP Server version 6.3.8 authenticated remote code execution exploit that leverages the web console.

Added a feature - Now you can define additional HTTP headers under domain settings.

And it provides admins with a web-based interface to administrate the server from anywhere.

Improvement - Updated the Help Manual for Wing FTP Server.

When the user requests to download or pull a file. Here is how a typical FTP transfer works: A user needs to log in to an FTP server.

It supports multiple file transfer protocols, including FTP, FTPS, HTTP, HTTPS, and SFTP, giving your clients flexibility in how they connect to the server.
Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated) - Windows remote Exploit

Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated)
Date:
Exploit Author: v1n1v131r4
Vendor Homepage:
Software Link:
Version: 6.3.8
Tested on: Windows 10
CVE: -

Wing FTP Server has a web console based on the Lua language.

Wing FTP Server is an easy-to-use, powerful, and free FTP server software for Windows, Linux, Mac OS, and Solaris.

Multiple vulnerabilities were found in Wing FTP Server 6.3.8:

This PoC explains how to exploit Wing FTP Server 6.3.8 to get Remote Code Execution.

Wing FTP Server 6.3.8 - Remote Code Execution