漏洞描述
ProFTPd是一套可配置性强的开放源代码的FTP服务器软件,ProFTPd 的 mod_copy模块本用于文件复制操作,但在存在漏洞的版本中,mod_copy模块的相关命令操作未设置访问授权验证,导致任意客户端均能通过特定命令对系统中任意文件进行复制,在一定条件下攻击者能够利用该漏洞获取系统敏感文件、获取服务器权限等。目前,在许多Linux 发行版(如 Debian)的软件包中,ProFTPd 都被默认安装并加载了存在该漏洞的 mod_copy 模块,直接对系统构成威胁。
ProFTPD mod_copy 后门(CVE-2015-3306)
PoC代码
暂无相关漏洞推荐
-
ftp-anonymous-login: FTP Anonymous Login POC
2025-09-01 | ftpAnonymous FTP access allows anyone to access your public_ftp folder, allowing unidentified visitors ... -
vsftpd-backdoor: VSFTPD 2.3.4 - Backdoor Command Execution POC
2025-09-01 | VSFTPDVSFTPD 2.3.4 contains a backdoor command execution vulnerability. fofa: app="vsftpd" -
CVE-2011-2523: VSFTPD 2.3.4 - Backdoor Command Execution POC
2025-09-01 | VSFTPDVSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands ... -
CVE-2015-1427: ElasticSearch - Remote Code Execution POC
2025-09-01 | ElasticSearchElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox prot... -
CVE-2015-3337: Elasticsearch CVE-2015-3337 POC
2025-09-01 | Elasticsearchfofa app="elastic-Elasticsearch"