Bugtraq mailing list archives
CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption
From: ByteRage <byterage () yahoo com>
Date: Sun, 27 May 2001 10:33:08 -0700 (PDT)
CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption AFFECTED SYSTEMS CesarFTP v0.98b on Windows 9x / ME DESCRIPTION 1) Directory Traversal First, we need a directory where we have access to on the victim host... (Or we can create one if we have enough rights) ftp://127.0.0.1/ might give us a directory RESTRICTED/ for example now we do : ftp://127.0.0.1/RESTRICTED/...%5c/ and we're out of the restricted subdirectory, we have read access to the whole harddrive 2) Once again an FTP server with weak password encryption... The username:password pairs are stored in plaintext in the program directory. (\program files\CesarFTP\settings.ini) Combined with the directory traversal, the password file can be easily attained by any user... VENDOR STATUS I have sent this advisory to <cesarftp () aclogic com> ======================================================= [ByteRage] <byterage () yahoo com> [www.byterage.cjb.net] ======================================================= __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Current thread:
- CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption ByteRage (May 28)