POC详情: aea5cad6446218997a8f15c62a6ec10ec6d78b3a

来源
https://github.com/Lynk4/CVE-2011-2523
关联漏洞
标题: vsftpd 操作系统命令注入漏洞 (CVE-2011-2523)
描述:vsftpd是一款用于类Unix系统的FTP(文件传输协议)服务器。 vsftpd 2.3.4版本(2011年6月30日至2011年7月3日期间下载)中存在安全漏洞,该漏洞源于软件中存在可以打开shell的后门。攻击者可利用该漏洞执行命令。
描述
Python exploit for vsftpd 2.3.4 - Backdoor Command Execution
介绍
# CVE-2011-2523 - vsftpd 2.3.4 Exploit

### Description

Very Secure FTP Daemon (vsftpd) is an FTP server for Unix-like platforms, including Linux. It is distributed under the terms of the GNU General Public Licence. It supports IPv6 as well as SSL.

It was revealed in July 2011 that vsftpd version 2.3.4, which could be downloaded from the master site, had been compromised. Users login onto a hacked vsftpd-2.3.4 server can acquire a command shell on port 6200 by entering a:) smileyface as the username. This was not a security flaw in vsftpd; rather, someone had uploaded a separate version of vsftpd that had a backdoor. The site has since been migrated to Google App Engine.

### Requirements
```
sudo apt update
sudo apt install python3
sudo apt install python3-pip
pip install argparse
```
### Installation
```
git clone https://github.com/Lynk4/CVE-2011-2523.git
cd ./CVE-2011-2523
chmod +x exploit.py
```
### Usage
```
python3 exploit.py -host Target_IP
```
![ck](https://github.com/Lynk4/CVE-2011-2523/assets/44930131/adf0f8bc-0376-4efc-9dde-61032337d21d)



### Test
You can test the exploit on [Metasploitable2](https://sourceforge.net/projects/metasploitable/files/Metasploitable2/)
文件快照

 [4.0K]  /data/pocs/aea5cad6446218997a8f15c62a6ec10ec6d78b3a
├── [1.2K]  exploit.py
├── [1.0K]  LICENSE
└── [1.2K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。