This exploit demonstrates a remote crash vulnerability in SphereFTP Server v2.0 by sending a maliciously crafted USER command with a long string of 'A' characters, causing a buffer overflow and resulting in a denial of service (DoS). The PoC is functional and targets the FTP service on port 21.
Classification
Working PoC 90%
Target:
SphereFTP Server v2.0
No auth needed
Prerequisites:
Network access to the target FTP server · FTP service running on port 21