ftgate.web.txt

1999-11-05T00:00:00
ID PACKETSTORM:11539
Type packetstorm
Reporter Underground Security Systems Research
Modified 1999-11-05T00:00:00

Description

`FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
  
Product:  
  
FTGate Version 2.1  
FTGate has many advanced features including:  
- Proxy Support, Kill List, Advanced delivery options, Logging, Address Mapping
- Domain Aliases, File import , Full Multithreading, HTML Interface  
- Command Processor, RAS Dial-up/Proxy/LAN support, SmartPop  
- Runs as either an Application or a service  
- POP3 server.  
- SMTP server/gateway  
  
  
PROBLEM  
  
UssrLabs found a directory traversal vulnerability in the FTGate Version 2.1
web interface server.
Using the string '../' in a URL, an attacker can gain read access to
any file outside of the intended web-published filesystem directory.
  
There is not much to expand on this one....  
  
Example:  
  
http://127.1:8080/../../../autoexec.bat to show autoexec.bat  
  
  
Vendor Status:  
Not contacted
  
Vendor Url: http://www.floosietek.com  
Program Url: http://www.floosietek.com/ftgatehome.htm  
  
Credit: USSRLABS  
  
SOLUTION  
  
Nothing yet.  
  
  
`
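
The advisory lists no fix. The following is an added example, not FTGate code and not part of the advisory, showing the containment check a file-serving handler needs to stop the '../' request above: decode once, canonicalise, then confirm the result is still under the web root. WEB_ROOT, the function names, and every sample URL except the advisory's own are assumptions made for illustration.

```python
import os
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/ftgate/www"  # assumed document root, not from the advisory

# Constructed requests: the advisory's URL, two re-encodings of it, one benign.
SAMPLE_URLS = [
    "http://127.1:8080/../../../autoexec.bat",
    "http://127.1:8080/%2e%2e/%2e%2e/%2e%2e/autoexec.bat",
    "http://127.1:8080/..\\..\\..\\autoexec.bat",
    "http://127.1:8080/help/../index.htm",
]


def resolve_under_root(web_root, url):
    """Return the file path a URL maps to, or None if it leaves web_root."""
    # Decode percent-escapes exactly once, before any check is made.
    path = unquote(urlsplit(url).path)
    # A Windows server also accepts '\' as a separator, so normalise it.
    path = path.replace("\\", "/")
    if "\x00" in path:
        return None
    root = os.path.realpath(web_root)
    # Collapse '..' segments and symlinks first, then test containment.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # raised on Windows when the drives differ
        inside = False
    return candidate if inside else None


def audit(urls, web_root=WEB_ROOT):
    """Map each URL to True (would be served) or False (rejected)."""
    return {u: resolve_under_root(web_root, u) is not None for u in urls}


if __name__ == "__main__":
    for url, ok in audit(SAMPLE_URLS).items():
        print("SERVE " if ok else "REJECT", url)
```

The last sample contains '..' but stays inside the root, so it is served; rejecting on the substring '..' alone would block it while still missing the encoded form.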