FTP Commander Pro 8.0 Directory Traversal

Type packetstorm
Reporter High-Tech Bridge SA
Modified 2010-08-03T00:00:00


Vulnerability ID: HTB22511
Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_ftp_commander_pro.html
Product: FTP Commander Pro
Vendor: InternetSoft Corporation ( http://www.internet-soft.com/ftpcomm.htm )
Vulnerable Version: 8.0 and Probably Prior Versions
Vendor Notification: 19 July 2010
Vulnerability Type: Directory Traversal Vulnerability
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:  
When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.  
The FTP client does not properly sanitise filenames received from an FTP server that contain directory traversal sequences, for example
a file named "..\..\..\..\..\..\..\somefile.exe".
By tricking a user into downloading a directory from a malicious FTP server that contains files with backslash directory traversal sequences in their filenames,
an attacker can potentially write files into the user's Startup folder so that malicious code executes when the user logs on.
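The defensive counterpart to the flaw described above is to treat every name in a server-supplied listing as untrusted before it is joined to the local download directory. The following is an added example written for this page, not FTP Commander's code or High-Tech Bridge's advisory material; it assumes a hypothetical client that maps each listing entry (`remote_path`) to a file under `download_dir`, and the sample listing is constructed. It goes slightly beyond the advisory's single case by treating both `\` and `/` as separators, rejecting absolute and drive-qualified names, and checking the resolved path for containment as a second layer.

```python
import os
import re
from typing import Dict, List, Optional, Tuple

# Characters never legal in a single Windows path component, plus NUL and
# other control characters. (Hypothetical helper, added for this example.)
_ILLEGAL = re.compile(r'[<>:"|?*\x00-\x1f]')


def sanitize_component(name: str) -> Optional[str]:
    """Return name if it is an acceptable single path component, else None.

    Rejects traversal tokens ("." and ".."), empty components, illegal
    characters, and names with trailing dots/spaces, which Windows silently
    strips ("somefile.exe." would land as "somefile.exe").
    """
    if name in ("", ".", ".."):
        return None
    if _ILLEGAL.search(name):
        return None
    if name != name.rstrip(" ."):
        return None
    return name


def safe_download_path(download_dir: str, remote_path: str) -> Optional[str]:
    """Map a server-supplied relative path to a local path under download_dir.

    Both '/' and '\\' are treated as separators because a Windows client will
    honour either. Returns None when the name is absolute or drive-qualified,
    when any component fails sanitize_component(), or when the resolved path
    would escape download_dir.
    """
    if not remote_path:
        return None
    # Absolute paths ("/etc/x", "\\x") and drive-qualified paths ("C:...")
    # are never legitimate entries relative to the download directory.
    if remote_path[0] in "/\\" or re.match(r"^[A-Za-z]:", remote_path):
        return None
    components: List[str] = []
    for part in re.split(r"[\\/]+", remote_path):
        clean = sanitize_component(part)
        if clean is None:
            return None
        components.append(clean)
    base = os.path.realpath(download_dir)
    candidate = os.path.realpath(os.path.join(base, *components))
    # Defence in depth: even after component filtering, confirm containment.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def plan_downloads(download_dir: str, listing: List[str]) -> Tuple[Dict[str, str], List[str]]:
    """Split a listing into accepted entries (remote name -> local path) and
    rejected names, so a client can log what it refused to write."""
    accepted: Dict[str, str] = {}
    rejected: List[str] = []
    for name in listing:
        local = safe_download_path(download_dir, name)
        if local is None:
            rejected.append(name)
        else:
            accepted[name] = local
    return accepted, rejected


# Constructed sample listing standing in for what a malicious server might
# return; not real FTP output.
SAMPLE_LISTING = [
    "report.pdf",
    "images/logo.png",
    "..\\..\\..\\..\\..\\..\\..\\somefile.exe",   # the advisory's pattern
    "../../etc/passwd",                          # forward-slash variant
    "C:\\Windows\\evil.dll",                     # drive-qualified
    "notes.txt.",                                # trailing dot, Windows strips it
]

if __name__ == "__main__":
    ok, bad = plan_downloads("downloads", SAMPLE_LISTING)
    for name, path in ok.items():
        print(f"accept {name!r} -> {path}")
    for name in bad:
        print(f"reject {name!r}")
```

The component-wise check, rather than a single search for `..\`, is what makes this hold up for recursive directory downloads, where every subdirectory name is also server-controlled; the `realpath`/`commonpath` containment test is there to catch anything the filter logic misses.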