Re: KunaniFTP-Server v.1.0.10 allows dictionary traversal

[Alun Jones <alun () texis com>]

At 04:23 PM 12/10/2002, Zero-X www.lobnan.de Team wrote:
> Ftp> get ..\..\..\..\..\boot.ini
> 200 PORT command successful
> 150 Opening ASCII mode data connection for /bin/ls.

I think an FTP server that's told to "get" a file, and returns that it's 
opening a connection for "/bin/ls" (i.e. making a listing) likely has some 
maturation ahead of it.  Is this really what the server says, or is this 
bad cutting-and-pasting from the true session?

Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun () texis com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.