glftpd privpath Directive Vulnerability
From the example posted to Bugtraq: /Groups/Mygroup and you have a dir named 'test' there. You can simply jump to it by typing 'chdir /Groups/Mygroup/t'. glftpd does not check if you have the proper rights to see the dir, it just hops in there without any problem. So if you try a-9 on the dirnames you can see all stuff inside a private dir, takes some time, but with a nice script it's not that hard... ;-)
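
A model of the flaw and its fix, added here as an illustration (not glftpd code and not from the Bugtraq post). It assumes the access check was applied to the path as typed rather than to the directory the partial name expands to; the tree, the ACL table and all function names are constructed for the example.

```python
# Constructed model of partial-name chdir with a privpath-style ACL.
# Not glftpd's data structures; names and layout are hypothetical.
TREE = {
    "/": ["Groups"],
    "/Groups": ["Mygroup"],
    "/Groups/Mygroup": ["archive", "test"],
}
# Private path -> groups allowed to enter it (constructed sample).
PRIVPATH = {"/Groups/Mygroup/test": {"mygroup"}}


def complete(parent, partial):
    """Expand a partial name to the first child of parent with that prefix."""
    for name in sorted(TREE.get(parent, [])):
        if name.startswith(partial):
            return f"{parent.rstrip('/')}/{name}"
    return None


def allowed(path, groups):
    """Deny if path is, or lies under, a private path the user has no group for."""
    for private, members in PRIVPATH.items():
        if path == private or path.startswith(private + "/"):
            if not (members & groups):
                return False
    return True


def chdir_flawed(request, groups):
    """Assumed flaw: the ACL is checked on the typed string, then expanded."""
    parent, _, partial = request.rpartition("/")
    if not allowed(request, groups):      # ".../t" matches no privpath entry
        return None
    return complete(parent or "/", partial)


def chdir_fixed(request, groups):
    """Expand first, then check the ACL on the directory actually entered."""
    parent, _, partial = request.rpartition("/")
    resolved = complete(parent or "/", partial)
    # One indistinguishable failure for "denied" and "no such directory",
    # so the reply cannot be used to confirm which names exist.
    if resolved is None or not allowed(resolved, groups):
        return None
    return resolved
```

Returning the same failure in both cases matters as much as the check itself: a distinct "permission denied" reply would still confirm that a name starting with the tried prefix exists inside the private directory.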