CVE-2009-3364

FTPShell Client 4.1 RC2 - Remote Code Execution via Long PASV Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3364. PoCs published by His0k4.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in FTPShell Client 4.1 RC2 by sending a malicious PASV response to trigger remote code execution. It uses a staged payload with Metasploit-generated shellcode to spawn a bind shell on port 4444.

Description

Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by His0k4 · pythonremotewindows

https://www.exploit-db.com/exploits/9613

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in FTPShell Client 4.1 RC2 by sending a malicious PASV response to trigger remote code execution. It uses a staged payload with Metasploit-generated shellcode to spawn a bind shell on port 4444.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FTPShell Client 4.1 RC2

No auth needed

Prerequisites: Network access to the target FTP client · Target must initiate an FTP connection to the attacker's server

MITRE ATT&CK