cve/2015/CVE-2015-3306.md

### [CVE-2015-3306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

### POC

#### Reference
- http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html
- http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html
- http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/36742/
- https://www.exploit-db.com/exploits/36803/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/0xm4ud/ProFTPD_CVE-2015-3306
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/El-Palomo/JOY
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/TOP
- https://github.com/JERRY123S/all-poc
- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
- https://github.com/JoseLRC97/ProFTPd-1.3.5-mod_copy-Remote-Command-Execution
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/WireSeed/eHacking_LABS
- https://github.com/anquanscan/sec-tools
- https://github.com/antsala/eHacking_LABS
- https://github.com/cd6629/CVE-2015-3306-Python-PoC
- https://github.com/cdedmondson/Modified-CVE-2015-3306-Exploit
- https://github.com/cved-sources/cve-2015-3306
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/davidtavarez/CVE-2015-3306
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/ebantula/eHacking_LABS
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/gauss77/LaboratoriosHack
- https://github.com/hackarada/cve-2015-3306
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/huimzjty/vulwiki
- https://github.com/jbmihoub/all-poc
- https://github.com/jptr218/proftpd_bypass
- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
- https://github.com/lnick2023/nicenice
- https://github.com/m4udSec/ProFTPD_CVE-2015-3306
- https://github.com/maxbardreausupdevinci/jokertitoolbox
- https://github.com/mr-exo/shodan-dorks
- https://github.com/nodoyuna09/eHacking_LABS
- https://github.com/nootropics/propane
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/raimundojimenez/eHacking_LABS
- https://github.com/sash3939/IS_Vulnerabilities_attacks
- https://github.com/shk0x/cpx_proftpd
- https://github.com/t0kx/exploit-CVE-2015-3306
- https://github.com/vshaliii/Funbox2-rookie
- https://github.com/waqeen/cyber_security21
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xchg-rax-rax/CVE-2015-3306-
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-3306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html`
			`- http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html`
			`- http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html`
			`- http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html`
			`- http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html`
			`- https://www.exploit-db.com/exploits/36742/`
			`- https://www.exploit-db.com/exploits/36803/`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/0xm4ud/ProFTPD_CVE-2015-3306`
			`- https://github.com/20142995/Goby`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/CVEDB/PoC-List`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/El-Palomo/JOY`
			`- https://github.com/Elsfa7-110/kenzer-templates`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/JERRY123S/all-poc`
			`- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups`
			`- https://github.com/JoseLRC97/ProFTPd-1.3.5-mod_copy-Remote-Command-Execution`
			`- https://github.com/NCSU-DANCE-Research-Group/CDL`
			`- https://github.com/WireSeed/eHacking_LABS`
			`- https://github.com/anquanscan/sec-tools`
			`- https://github.com/antsala/eHacking_LABS`
			`- https://github.com/cd6629/CVE-2015-3306-Python-PoC`
			`- https://github.com/cdedmondson/Modified-CVE-2015-3306-Exploit`
			`- https://github.com/cved-sources/cve-2015-3306`
			`- https://github.com/cyberanand1337x/bug-bounty-2022`
			`- https://github.com/davidtavarez/CVE-2015-3306`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/ebantula/eHacking_LABS`
			`- https://github.com/firatesatoglu/shodanSearch`
Update CVE sources 2024-06-07 17:53 2024-06-07 17:53:02 +00:00			`- https://github.com/gauss77/LaboratoriosHack`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/hackarada/cve-2015-3306`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/huimzjty/vulwiki`
			`- https://github.com/jbmihoub/all-poc`
			`- https://github.com/jptr218/proftpd_bypass`
			`- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/m4udSec/ProFTPD_CVE-2015-3306`
			`- https://github.com/maxbardreausupdevinci/jokertitoolbox`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/mr-exo/shodan-dorks`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/nodoyuna09/eHacking_LABS`
			`- https://github.com/nootropics/propane`
			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/raimundojimenez/eHacking_LABS`
			`- https://github.com/sash3939/IS_Vulnerabilities_attacks`
			`- https://github.com/shk0x/cpx_proftpd`
			`- https://github.com/t0kx/exploit-CVE-2015-3306`
			`- https://github.com/vshaliii/Funbox2-rookie`
			`- https://github.com/waqeen/cyber_security21`
			`- https://github.com/weeka10/-hktalent-TOP`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`
			`- https://github.com/xchg-rax-rax/CVE-2015-3306-`