### [CVE-2015-3306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

### POC

#### Reference
- http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html
- http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html
- http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/36742/
- https://www.exploit-db.com/exploits/36803/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/0xm4ud/ProFTPD_CVE-2015-3306
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/El-Palomo/JOY
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/TOP
- https://github.com/JERRY123S/all-poc
- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
- https://github.com/JoseLRC97/ProFTPd-1.3.5-mod_copy-Remote-Command-Execution
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/WireSeed/eHacking_LABS
- https://github.com/anquanscan/sec-tools
- https://github.com/antsala/eHacking_LABS
- https://github.com/cd6629/CVE-2015-3306-Python-PoC
- https://github.com/cdedmondson/Modified-CVE-2015-3306-Exploit
- https://github.com/cved-sources/cve-2015-3306
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/davidtavarez/CVE-2015-3306
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/ebantula/eHacking_LABS
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/gauss77/LaboratoriosHack
- https://github.com/hackarada/cve-2015-3306
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/huimzjty/vulwiki
- https://github.com/jbmihoub/all-poc
- https://github.com/jptr218/proftpd_bypass
- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
- https://github.com/lnick2023/nicenice
- https://github.com/m4udSec/ProFTPD_CVE-2015-3306
- https://github.com/maxbardreausupdevinci/jokertitoolbox
- https://github.com/mr-exo/shodan-dorks
- https://github.com/nodoyuna09/eHacking_LABS
- https://github.com/nootropics/propane
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/raimundojimenez/eHacking_LABS
- https://github.com/sash3939/IS_Vulnerabilities_attacks
- https://github.com/shk0x/cpx_proftpd
- https://github.com/t0kx/exploit-CVE-2015-3306
- https://github.com/vshaliii/Funbox2-rookie
- https://github.com/waqeen/cyber_security21
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xchg-rax-rax/CVE-2015-3306-