what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

a4.html

a4.html
Posted Oct 5, 1999
Authored by Arne Vidstrom

".."-hole in Broker FTP Server v.3.0 Build 1.

SHA-256 | acfc6c3200dab5bf7eab84848292f6b0484d0d94053fc3bd9537b80dcaf13b5b

a4.html

Change Mirror Download
<HTML>
<HEAD>
<TITLE>".."-hole in Broker FTP Server v.3.0 Build 1</TITLE>
</HEAD>
<BODY BGCOLOR="BLACK" TEXT="#FFDFBF" LINK="#C08010" VLINK="#C08010" ALINK="WHITE">
<FONT FACE="arial" SIZE="3">
<B>- ".."-hole in Broker FTP Server v.3.0 Build 1 -</B>
<BR><BR>
</FONT>
<FONT FACE="arial" SIZE="2">
There's a hole in Broker FTP Server v.3.0 Build 1. Here's an example:
<BR><BR>
You have it installed with FTP root in c:\FTProot and you have a user "test" with home directory in c:\FTProot\test. You also have checked the "Display as ROOT directory" checkbox for test, so he/she can't get below the home directory. CWD won't take him/here below it, but LIST will:
<BR><BR>
LIST ..\..\winnt\
<BR><BR>
will list the contents of c:\winnt and
<BR><BR>
NLST ..\..\winnt\
<BR><BR>
will also list the contents of c:\winnt. Of course this isn't as bad as if CWD or RETR had worked, but you probably don't want anybody to be able to look around in your private directories.
</FONT>
<BR>
<FONT FACE="arial" SIZE="2">
<BR><BR>
<HR WIDTH="50%" ALIGN="CENTER" SIZE="1">
<CENTER><A HREF="http://www.bahnhof.se/~winnt/">[Home]</A>&nbsp;&nbsp;<A HREF="http://www.bahnhof.se/~winnt/advisories/index.html">[Security Advisories]</A>&nbsp;&nbsp;<A HREF="http://www.bahnhof.se/~winnt/toolbox/index.html">[The Toolbox]</A>&nbsp;&nbsp;<A HREF="http://www.bahnhof.se/~winnt/trashcan/index.html">[The Trashcan]</A></CENTER>
<P ALIGN=RIGHT>
<FONT FACE="arial" SIZE="1">
&copy; 1999, Arne Vidstr&ouml;m
</FONT>
</P>
</FONT>
</BODY>
</HTML>
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close