漏洞描述
Pure-FTPd 1.0.24 contains security vulnerabilities that could allow attackers to exploit the FTP server. This version is known to have various security issues that could lead to unauthorized access or other security implications.
CVE-2020-9365: Pure-FTPd 1.0.24 - Security Vulnerability
PoC代码[已公开]
id: CVE-2020-9365
info:
name: Pure-FTPd 1.0.24 - Security Vulnerability
author: pussycat0x
severity: medium
description: |
Pure-FTPd 1.0.24 contains security vulnerabilities that could allow attackers to exploit the FTP server. This version is known to have various security issues that could lead to unauthorized access or other security implications.
metadata:
verified: true
shodan-query: product:"Pure-FTPd" version:"1.0.24"
max-request: 1
tags: cve,cve2020,network,ftp,pure-ftpd,tcp,passive,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'Pure-FTPd')"
- "contains(version, '1.0.24')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "Pure-FTPd ([0-9.]+)"
# digest: 4b0a00483046022100c93cf4252a3795ba34e3c7ace15593dc66e43155d02877c366b076d0de97a6000221008264c3c78fccd6413d6dcf25a56185486a92e3ce30e5e36ebb32c969c1263faf:922c64590222798bb761d5b6d8e72950