Vendor: Guild Ftpd
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
Vulnerability Type: Path Traversal
CWE: 22
Product Name: Guild Ftpd
Affected Version From: Guild Ftpd 1.0
Affected Version To: Guild Ftpd 1.0
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: a:guildftpd:guild_ftpd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2001

Guild Ftpd Path Traversal

Guild Ftpd refuses to serve files outside of the FTP root directory, but it is vulnerable to a path traversal information leak: the error message returned for a request containing "../" differs depending on whether the requested file exists, so an attacker can determine whether a given file outside the FTP root exists. If the file exists, the error message "Download failed" is returned; if the file does not exist, the error message "Access denied" is returned.

Mitigation:

Restrict access to the FTP root directory and ensure that all files are stored within the root directory.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1452/info

Guild Ftpd will not send files outside of the FTP root when they are specified by the ../ string in the path of the GET request. However, due to the difference in the error messages, it is possible to determine whether the requested file exists. The error message "Download failed" appears if the requested file exists and "Access denied" if it does not.

ftp> get ../filename
>PORT command successful.
>Opening ascii mode data connection for \../filename.
>Download failed.
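The session above shows the two distinguishable replies. The following Python model, added here as an illustration and not code from Guild Ftpd or SecurityFocus, contrasts a lookup routine that reproduces that existence oracle (existence checked first, containment second, different messages) with a hardened routine that decides containment before touching the filesystem and returns one identical message for "outside the root" and "does not exist". The root directory, file names and the "File not found." wording are constructed for the example; `build_fixture` creates a throwaway directory tree so it runs offline.

```python
import tempfile
from pathlib import Path

# Messages quoted in the advisory (leaky server)
DOWNLOAD_FAILED = "Download failed."
ACCESS_DENIED = "Access denied."
# Single uniform message used by the hardened lookup (constructed for this example)
NOT_FOUND = "File not found."


def leaky_lookup(root: Path, requested: str) -> str:
    """Models the behaviour described in the advisory.

    The server never serves a file outside `root`, but it checks existence
    before containment and uses a different message for each failure, so the
    reply reveals whether a file outside the root exists.
    """
    root_real = root.resolve()
    target = (root_real / requested).resolve()
    if not target.exists():
        return ACCESS_DENIED            # missing file -> one message
    if target != root_real and root_real not in target.parents:
        return DOWNLOAD_FAILED          # existing file outside root -> another
    return f"Serving {target.relative_to(root_real)}"


def safe_lookup(root: Path, requested: str) -> str:
    """Hardened form of the same lookup.

    1. Canonicalise the candidate path (symlinks and '..' collapsed).
    2. Reject anything that does not stay under the root *before* any
       filesystem probe, so no existence check happens on outside paths.
    3. Use the same message for 'outside root' and 'missing', so the reply
       carries no information about files the client may not access.
    """
    root_real = root.resolve()
    target = (root_real / requested).resolve()
    try:
        rel = target.relative_to(root_real)   # raises ValueError if outside root
    except ValueError:
        return NOT_FOUND
    if not target.is_file():
        return NOT_FOUND
    return f"Serving {rel}"


def build_fixture() -> Path:
    """Create a constructed directory layout and return the FTP root.

        <tmp>/secret.txt            existing file OUTSIDE the root
        <tmp>/ftproot/pub/readme.txt existing file INSIDE the root
    """
    base = Path(tempfile.mkdtemp(prefix="ftp-oracle-demo-"))
    root = base / "ftproot"
    (root / "pub").mkdir(parents=True)
    (root / "pub" / "readme.txt").write_text("public\n")
    (base / "secret.txt").write_text("outside the root\n")
    return root


def compare(root: Path, requests: list[str]) -> dict[str, tuple[str, str]]:
    """Return {request: (leaky reply, hardened reply)} for each request."""
    return {r: (leaky_lookup(root, r), safe_lookup(root, r)) for r in requests}


if __name__ == "__main__":
    ftp_root = build_fixture()
    for req, (leaky, safe) in compare(
        ftp_root, ["pub/readme.txt", "../secret.txt", "../does-not-exist.txt"]
    ).items():
        print(f"{req:24} leaky: {leaky:18} hardened: {safe}")
```

The two "../" requests produce different replies from `leaky_lookup` (the oracle) and identical replies from `safe_lookup`; the legitimate in-root request is served by both. The ordering in `safe_lookup` matters as much as the wording: checking containment first also prevents timing differences from a filesystem probe on paths outside the root.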