Opened 11 months ago

Last modified 11 months ago

#11773 moreinfo Bug report

FileZilla 3.33

Reported by: Kağan Çapar Owned by:
Priority: low Component: FileZilla Client
Keywords: Cc:
Component version: 3.33 Operating system type: Linux
Operating system version: Kali Linux 2018.3_x64

Description

Hello, I'm Kağan, Vulnerability Reasearcher. I found vulnerability Filezilla 3.33 on Kali Linux 2018.3 x64 and I just published proof-of-concept type exploit-db but I managed to write shell code. If this version works with root authority, the authority can be priv-esc. You should know that I did not public. Also, vulnerability is not working Windows OS.

Good luck, I love filezilla!

Click : https://www.exploit-db.com/exploits/45576/

Attachments (1)

Screenshot from 2018-10-10 05-28-09.png (130.6 KB) - added by Kağan Çapar 11 months ago.
screenshot

Download all attachments as: .zip

Change History (3)

Changed 11 months ago by Kağan Çapar

screenshot

comment:1 Changed 11 months ago by Tim Kosse

Status: newmoreinfo

This doesn't appear to be a bug in FileZilla itself but rather one of the libraries it depends on.

Which version of wxWidgets is FileZilla linked against? Which version of GTK+ is wxWidgets in turn linked against?

comment:2 Changed 11 months ago by Kağan Çapar

Priority: criticallow
Summary: FileZilla 3.33 Buffer-Overflow (PoC)FileZilla 3.33

Thanks.

Note: See TracTickets for help on using tickets.