CVE-2008-4247

FreeBSD NetBSD OpenBSD - Cross-Site Request Forgery via Long FTP URI

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4247. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in multiple FTP servers by embedding malicious FTP commands in a URL. The attack leverages the FTP protocol's handling of URLs to execute arbitrary commands (e.g., SITE CHMOD) in the context of a user's session.

Description

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Maksymilian Arciemowicz · text · remote · unix
https://www.exploit-db.com/exploits/32399


Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Multiple FTP servers (vendor-agnostic)
Auth required
Prerequisites: User must be authenticated to the FTP server · User must click or be tricked into accessing the malicious URL
devstral-2 · analyzed Feb 16, 2026

References (15)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021112
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020946
Third Party Advisory third-party-advisory x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/56
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33341
Various Sources x_refsource_misc
http://bugs.proftpd.org/show_bug.cgi?id=3115
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32068
Various Sources vendor-advisory x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32070
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4313

Scores

EPSS 0.0404
EPSS Percentile 89.3%

Details

CWE: CWE-352
Status: published
Products (3):
freebsd/freebsd 7.0
netbsd/netbsd 4.0
openbsd/openbsd 4.3
Published: Sep 25, 2008
Tracked Since: Feb 18, 2026