Phone
Often, the FTP service itself isn't the primary vulnerability, but rather a vector to drop files, which are then executed by another service (e.g., PHP via website, Samba). 3. Solid Report: Stapler CTF Example (vsftpd 2.0.8)
: The attacker replaced the legitimate vsftpd-2.3.4.tar.gz archive with a version containing a few lines of malicious code. vsftpd 2.0.8 exploit github