Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption

From: ByteRage <byterage () yahoo com>
Date: Sun, 27 May 2001 10:33:08 -0700 (PDT)
CesarFTP v0.98b triple dot Directory Traversal / Weak
password encryption

AFFECTED SYSTEMS

CesarFTP v0.98b on Windows 9x / ME

DESCRIPTION

1) Directory Traversal

First, we need a directory where we have access to on
the victim host...
(Or we can create one if we have enough rights)

ftp://127.0.0.1/

might give us a directory RESTRICTED/ for example
now we do :

ftp://127.0.0.1/RESTRICTED/...%5c/

and we're out of the restricted subdirectory, we have
read access to the whole harddrive

2)
Once again an FTP server with weak password
encryption...
The username:password pairs are stored in plaintext in
the program directory. (\program
files\CesarFTP\settings.ini)
Combined with the directory traversal, the password
file can be easily attained by any user...

VENDOR STATUS

I have sent this advisory to <cesarftp () aclogic com>

=======================================================
[ByteRage] <byterage () yahoo com> [www.byterage.cjb.net]
=======================================================

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
Previous By Date Next
Previous By Thread Next

Current thread: