what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

smartftp.txt

smartftp.txt
Posted Jun 15, 2000
Authored by Moritz Jodeit | Site jodeit.cjb.net

Remove vulnerability has been found in the SmartFTP-D Server which allows a remote user with an account to read any file on the system.

tags | exploit, remote
SHA-256 | dc0c845f36c1df20329e24792344d24bc446161aac536e31bd3e8e9f4f21f5c7

smartftp.txt

Change Mirror Download
I found a bug in the SmartFTP-D Server which will give an attacker full
access to the server, if he has the right to write files on the server. For
every user, the program is checking if a special Userfile exists (Sample:
Username=hacker & Userfile=hacker.FTP_User). If it exists, the configuration,
like password, rights, etc. will be read out of this file. The program doesn't
check for bad characters, so by using "..\" you can switch to other
directorys. If an attacker has an account on the machine, where he can write files,
he can use this to get full access to the whole machine! Let's take this
example: Upload directory is D:\Upload and SmartFTP-D is installed in
D:\Program Files\SmartFTP Daemon. An attacker would upload a file called
exploit.FTP_User, which includes his own password and the rigths, he wishes to have. If
he now uses the Username "..\..\..\..\..\Upload\exploit", his uploaded
Userfile will be used and he can login.

mindstorm networks has been informed about this bug and a fix should be
available soon. Until they will release a fix, you can get my unofficial
HotFix at my homepage, which will implement the missing check-function for bad
characters in the Username.

-Moritz

--
Moritz Jodeit
http://jodeit.cjb.net
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    19 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close