Directory Traversal Vulnerability in TurboFTP Server

ID HTB22514
Type htbridge
Reporter High-Tech Bridge
Modified 2010-07-19T00:00:00


High-Tech Bridge SA Security Research Lab has discovered a vulnerability in TurboFTP Server which could be exploited to delete or execute arbitrary files on a vulnerable system.

1) Directory Traversal Vulnerability in TurboFTP Server
The vulnerability exists due to insufficient sanitization of the filename in the "RNTO" and "SIZE" commands. A remote attacker can upload a malicious file to the target server and rename it using directory traversal sequences (e.g. "..\..\..\..\..\..\..\..\..\...Documents and Settings\All Users\Start Menu\Programs\Startup\file.exe"). It is also possible to delete arbitrary files on the target system outside the FTP root folder. Successful exploitation requires that the attacker has write permissions on the FTP server.
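The root cause described above is a server that joins a client-supplied name onto the FTP root without checking where the result lands. The following is an added example of the server-side check that closes this class of bug; it is not TurboFTP's code, and the function names, the rejection of ':' (drive letters and NTFS alternate data streams) and the sample RNTO arguments are assumptions constructed for the illustration. The check walks the path's own segments instead of calling a normalizer afterwards, so an attempt to climb above the root is reported rather than silently collapsed, and it treats '\' and '/' alike because a Windows host accepts both.

```python
import posixpath


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would resolve outside the FTP root."""


def resolve_ftp_path(ftp_root: str, client_path: str) -> str:
    """Return the filesystem path for client_path, confined to ftp_root.

    client_path is the raw argument of a command such as RNTO, SIZE or DELE.
    Hypothetical helper written for this example; not part of any FTP server.
    """
    if "\x00" in client_path:
        raise PathTraversalError("NUL byte in path")
    # Windows accepts both separators, so treat "\" exactly like "/".
    p = client_path.replace("\\", "/")
    # Drive letters (C:), UNC paths (//host/share) and NTFS alternate data
    # streams (name:stream) either contain ':' or start with '//'; refuse them.
    # Rejecting every ':' is a deliberately conservative choice (assumption).
    if ":" in p or p.startswith("//"):
        raise PathTraversalError(f"absolute or stream path rejected: {client_path!r}")
    segments = []
    for seg in p.split("/"):
        if seg in ("", "."):
            continue                      # leading '/', doubled '/' or current dir
        if seg == "..":
            if not segments:              # nothing left to pop: we are above the root
                raise PathTraversalError(f"path escapes FTP root: {client_path!r}")
            segments.pop()
            continue
        # Windows silently strips trailing dots and spaces, and a name made only
        # of dots is not a real file name; reject both rather than guess.
        if seg != seg.rstrip(". ") or set(seg) == {"."}:
            raise PathTraversalError(f"suspicious segment: {seg!r}")
        segments.append(seg)
    root = ftp_root.replace("\\", "/").rstrip("/")
    return posixpath.join(root, *segments) if segments else root


def is_confined(ftp_root: str, client_path: str) -> bool:
    """True if client_path stays inside ftp_root, False if it was rejected."""
    try:
        resolve_ftp_path(ftp_root, client_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample of RNTO/SIZE arguments, one of them shaped like the
    # traversal string quoted in the advisory.
    root = "C:/ftproot"
    samples = [
        "uploads/report.txt",
        "a/../b.txt",
        r"..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\file.exe",
        r"C:\Windows\notepad.exe",
        "report.txt:hidden",
    ]
    for name in samples:
        try:
            print(f"{name!r} -> {resolve_ftp_path(root, name)}")
        except PathTraversalError as err:
            print(f"{name!r} -> REJECTED ({err})")
```

The same function should be applied to every command that takes a path argument (RNFR, RNTO, DELE, SIZE, RETR, STOR, CWD), and to both halves of a rename; the advisory's point is that only the rename target and SIZE argument went unchecked. Rejecting rather than rewriting a bad path also gives the server a clean event to log, which is what a detection rule for repeated traversal attempts would key on.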