first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
This commit is contained in:
27
ruby/CVE-2017-17405/web.rb
Normal file
27
ruby/CVE-2017-17405/web.rb
Normal file
@@ -0,0 +1,27 @@
|
||||
require 'sinatra'
|
||||
require 'net/ftp'
|
||||
require 'uri'
|
||||
|
||||
get '/' do
|
||||
'Use /download?uri=ftp://127.0.0.1:2121/&file=/path/to/file.txt to download a ftp file.'
|
||||
end
|
||||
|
||||
get '/download' do
|
||||
content_type 'application/octet-stream'
|
||||
|
||||
begin
|
||||
uri = URI.parse(params['uri'])
|
||||
|
||||
ftp = Net::FTP.new
|
||||
ftp.connect(uri.host, uri.port)
|
||||
ftp.login(uri.user || 'anonymous', uri.password)
|
||||
ftp.getbinaryfile(params['file'])
|
||||
ftp.close
|
||||
rescue
|
||||
return '404 Not Found'
|
||||
end
|
||||
|
||||
File.open(params['file'], 'rb') {|f|
|
||||
return f.read
|
||||
}
|
||||
end
|
||||
Reference in New Issue
Block a user