Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

more silly bugs in cooolsoft 'personal ftp server'

From: Knud Erik Højgaard <knud () skodliv dk>
Date: Thu, 10 Oct 2002 14:55:54 +0200
version tested: 2.24
pwd shows absolute path instead of relative ( ie. drive:/folder instead of
/ )
ls ../ will let a user get a dirlisting above his home directory.
mkdir ../folder will let a user create folders outside his home
directory.[1]
put file ../file will let users create files outside his home directory.[1]
get ../file will let users get files outside his home directory.

Furthermore the passwords are stored in cleartext in ftpserver.ini located
in the installation directory, defaults to drive:\progra~1\powerftp

[1] Requires write access, duh. get the ftpserver.ini and look for a user
with AcessRight1=1.

--
Knud Erik Højgaard
Previous By Date Next
Previous By Thread Next

Current thread: