logo
line
HOME
TOOLBOX
ON MY MIND RIGHT NOW
MISC
ABOUT
line
forest

Dotdot vulnerability in Broker FTP Server v.3.0 Build 1

There's a hole in Broker FTP Server v.3.0 Build 1. Here's an example:

You have the server installed with the FTP root in c:\FTProot and you have a user "test" with a home directory in c:\FTProot\test. You also have checked the "Display as ROOT directory" checkbox for test, so he/she can't get below the home directory. CWD won't take her/him below it, but LIST will.

LIST ..\..\winnt\

will list the contents of c:\winnt and

NLST ..\..\winnt\

will also list the contents of c:\winnt. Of course this isn't as bad as if CWD or RETR had worked, but you probably don't want anybody to be able to look around in your private directories.



© Arne Vidstrom. All rights reserved.