CVE-2006-6751

XM Easy Personal FTP Server <5.2.1 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6751. PoCs published by shinnai.

AI-analyzed exploit summary This exploit demonstrates a format string vulnerability in XM Easy Personal FTP Server 5.2.1, leading to a Denial of Service (DoS) condition. It sends a malformed USER command with a format string specifier (%n) to trigger the vulnerability.

Description

Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · pythondoswindows

https://www.exploit-db.com/exploits/2978

View Code ZIP pw:eip

This exploit demonstrates a format string vulnerability in XM Easy Personal FTP Server 5.2.1, leading to a Denial of Service (DoS) condition. It sends a malformed USER command with a format string specifier (%n) to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: XM Easy Personal FTP Server 5.2.1

No auth needed

Prerequisites: Network access to the target FTP server

MITRE ATT&CK