Dotdot vulnerability in Broker FTP Server v.3.0 Build 1
There's a hole in Broker FTP Server v.3.0 Build 1. Here's an example:
You have the server installed with the FTP root in c:\FTProot and you have a user "test" with a home directory in c:\FTProot\test. You also have checked the "Display as ROOT directory" checkbox for test, so he/she can't get below the home directory. CWD won't take her/him below it, but LIST will.
LIST ..\..\winnt\
will list the contents of c:\winnt and
NLST ..\..\winnt\
will also list the contents of c:\winnt. Of course this isn't as bad as if CWD or RETR had worked, but you probably don't want anybody to be able to look around in your private directories.
You have the server installed with the FTP root in c:\FTProot and you have a user "test" with a home directory in c:\FTProot\test. You also have checked the "Display as ROOT directory" checkbox for test, so he/she can't get below the home directory. CWD won't take her/him below it, but LIST will.
LIST ..\..\winnt\
will list the contents of c:\winnt and
NLST ..\..\winnt\
will also list the contents of c:\winnt. Of course this isn't as bad as if CWD or RETR had worked, but you probably don't want anybody to be able to look around in your private directories.