Fastream FTP++ Directory Traversal Vulnerability

info
discussion
exploit
solution
references

Fastream FTP++ Directory Traversal Vulnerability

It is possible for a remote uesr to gain read permissions outside of the Faststream FTP++ Server directory. By requesting an 'ls' command along with the drive name, Fastream FTP++ will disclose the contents of the requested drive.