Bugtraq mailing list archives

Re: ftp conversions exploit


From: lex () TWILIGHT TELCO MD (Alexey Chetroi)
Date: Fri, 24 Dec 1999 08:51:21 +0200


On Wed, 22 Dec 1999, David Malone wrote:

> On Wed, Dec 22, 1999 at 04:47:25AM +0000, Desi Hacker wrote:
>
>> during the exploiting process.. the final step as instructed by the author
>> doesn't work
>>
>> ftp> get "--use-compress-program=sh blah".tar
>> or
>> ftp> get "--use-compress-program=sh blah".tar
>>
>> instead it gives a warning of permission denied!
>> in case of anon ftp logging
>
> The ftpaccess man page contains the following example line:
>
>       path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-
>
> which disallows filenames starting with . or - to anonymous users.
> Maybe your ftpaccess line contains this?

it doesn't disallow filenames starting with . or -, it disallows filenames
with spaces

>       David.
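
The following is an added example, not part of the original thread and not wu-ftpd code. It evaluates the three patterns from the quoted path-filter line against a few names and reports which pattern rejects each one. It assumes the first pattern is the allowed character set and the remaining patterns are disallowed ones; the `check` helper and all sample names other than the one from the thread are constructed.

```python
import re

# Patterns copied verbatim from the ftpaccess example line quoted above.
# Assumption: the first is the allowed set, the rest are disallowed patterns.
ALLOWED = r"^[-A-Za-z0-9._]*$"
DISALLOWED = [r"^\.", r"^-"]


def check(name, allowed=ALLOWED, disallowed=DISALLOWED):
    """Return (accepted, reason) for a filename under the assumed semantics:
    the name must match `allowed` and must not match any `disallowed` pattern.
    Python's re stands in for the server's regex library here."""
    if not re.search(allowed, name):
        # Test each character on its own to list the ones outside the set.
        bad = sorted({c for c in name if not re.search(allowed, c)})
        return False, "characters outside allowed set: " + repr(bad)
    for pat in disallowed:
        if re.search(pat, name):
            return False, "matches disallowed pattern " + pat
    return True, "ok"


# The first name is the one from the thread with the client-side quotes
# removed; the others are constructed for comparison.
SAMPLES = [
    "--use-compress-program=sh blah.tar",
    "-blah.tar",
    ".hidden",
    "my file.tar",
    "blah.tar",
]

if __name__ == "__main__":
    for name in SAMPLES:
        accepted, reason = check(name)
        print(f"{name!r:42} {'accept' if accepted else 'reject'}  {reason}")
```
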


