CVE-2001-0264

Gene6 G6 FTP Server 2.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0264. PoCs published by Rob Beck.

AI-analyzed exploit summary This exploit leverages a vulnerability in G6 FTP Server (now BPFTP Server) where a malformed 'size' or 'mdtm' command forces the server to make an external SMB connection, exposing login credentials. The script automates the process of logging in and sending the malformed command to trigger the vulnerability.

Description

Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rob Beck · perlremotewindows

https://www.exploit-db.com/exploits/20723

View Code ZIP pw:eip

This exploit leverages a vulnerability in G6 FTP Server (now BPFTP Server) where a malformed 'size' or 'mdtm' command forces the server to make an external SMB connection, exposing login credentials. The script automates the process of logging in and sending the malformed command to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: G6 FTP Server (BPFTP Server)

Auth required

Prerequisites: Valid FTP credentials · Access to the target FTP server

MITRE ATT&CK

T1187 - Forced Authentication

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2534

Patch, Vendor Advisory vendor-advisory x_refsource_atstake

http://www.atstake.com/research/advisories/2001/a040301-1.txt

Scores

EPSS 0.0299

EPSS Percentile 85.5%

Details

Status published

Products (1)

gene6/g6_ftp_server 2.0

Published Jun 18, 2001

Tracked Since Feb 18, 2026