OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: ftp.pl vulnerability
From: zillion safemode ()
Date: Wed Jul 12 2000 - 14:56:58 CDT


Feartech ftp browser problem

From the creators page ( http://www.feartech.com/vv/ftp.shtml )

-- snip --

FTP Browser allows you to display a html enhanced directory listing,
which is great for managing your ftp files. FTP
Browser can do all of the following:

-- snip --

But wait.. it can do more than just that :

http://www.server.com/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc

The vedor has been notified a week ago but has released no fix or update

This ain't something huge but the script is offered on various script
archives.

zillion

site: http://www.safemode.org
email: zillionsafemode.org