Crob FTP Server 3.5.1 - Remote Information Disclosure
| EKU-ID: 29065 | CVE: CVE-2004-2309;OSVDB-3806 | OSVDB-ID: |
| Author: Zero X | Published: 2004-02-02 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29065 | CVE: CVE-2004-2309;OSVDB-3806 | OSVDB-ID: |
| Author: Zero X | Published: 2004-02-02 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9546/info A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a specially crafted request, a malevolent user may be able to gain access to files outside of the ftp root directory. You can read all directories on the system with the following command: dir ../../../../../*