what you don't know can hurt you

Titan FTP Server 2019 Build 3505 Directory Traversal

Titan FTP Server 2019 Build 3505 Directory Traversal
Posted Mar 27, 2019
Authored by Kevin Randall

Titan FTP Server 2019 build 3505 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-10009
MD5 | a7872face8bf62f7e150c91b6ba6313a

Titan FTP Server 2019 Build 3505 Directory Traversal

Change Mirror Download
**********************************************************************
Discovered By: Kevin Randall on 3/23/2019
**********************************************************************
A Directory Traversal issue was discovered in the Web GUI in Titan FTP
Server 2019 Build 3505.
When an authenticated user attempts to preview an uploaded file (through
PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can
be loaded in the server response outside the root directory.
***********************************************************************
Tools used:

Parrot OS

Windows 7 32 Bit

BurpSuite

Browser
*************************************************************************
Vulnerability has been fixed in the following build:
Build: Titan FTP Server 2019 Build 3515
**************************************************************************
Proof of Concept (PoC):

Step 1: Authenticate through Titan FTP Web GUI

Step 2: Upload file and attempt to view it

Step 3: Intercept requests with BurpSuite when attempting to view uploaded
file

Step 4: Modify "path=" and "filename=" parameters in the following GET
request:
Ex: View contents of README.txt file in Python27 directory:
Note: You can access other files in directories such as System32, Desktop
etc.
Payload:
*****************************************************************************************
GET
/PreviewHandler.ashx?path=\..\..\..\..\Python27\README.txt&filename=README.txt
*****************************************************************************************
Step 5: If path is set-up correctly and if file exists, you will receive a
200 OK back from the server.

Step 6: View the file through the file preview in the FTP server.
**************************************************************************************************

**************************************************************************************************
Timeline:

Date Discovered: 3/23/2019
Date Disclosed to Vendor: 3/23/2019
CVE Obtained: 3/24/2019
Vendor Created Patched Version Titan FTP Version 2019 Build 3515: 3/25/2019
Vendor Created Entry in Jira System for issue (SVR-499): 3/25/2019
Date Disclosed: 3/26/2019

**************************************************************************************************


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close