header-logo
Suggest Exploit
vendor:
Classic FTP
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Classic FTP
Affected Version From: 01.02
Affected Version To: 01.02
Patch Exists: YES
Related CWE: N/A
CPE: a:classic_ftp:classic_ftp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2008

Classic FTP Directory Traversal Vulnerability

Classic FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/29846/info

Classic FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

Classic FTP 1.02 for Microsoft Windows is vulnerable; other versions may also be affected. 

Response to LIST:

\..\..\..\..\..\..\..\..\..\testfile.txt\r\n
/../../../../../../../../../testfile.txt\r\n

Navigation

Suggest Exploit

Services By CQR