CVE-2005-2961

ProZilla Download Accelerator 1.3.7.4 - Buffer Overflow via FTP Search HREF Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2961. PoCs published by taviso.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in ProZilla (CVE-2005-2961) by crafting a malicious ASP file with shellcode to execute arbitrary commands. The payload overwrites the return address and includes a NOP sled followed by shellcode to spawn a shell.

Description

Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.

Exploits (1)

exploitdb WORKING POC VERIFIED
by taviso · c · remote · linux
https://www.exploit-db.com/exploits/1238

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ProZilla (version not specified)
No auth needed
Prerequisites: Ability to write a file to the target system · Target system must be running vulnerable ProZilla software
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-834
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17035
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14993
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17021/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22491

Scores

EPSS 0.0862
EPSS Percentile 94.4%

Details

Status published
Products (1)
prozilla/prozilla_download_accelerator 1.3.7.4
Published Oct 05, 2005
Tracked Since Feb 18, 2026