We found that there was one crlf injection in php ftp ftuntion.As same as http,you can inject a '\r\n other command' in the paramer of a ftp function like ftp_mkdir,and then php would send the \r\n to your connected ftp server.The server considerd there is a new command,and the other command would b...

[ more ]