From: ByteRage (byterageyahoo.com)
Date: Sat May 26 2001 - 11:44:47 CDT
GuildFTPD v0.97 Directory Traversal / Weak password
tested on Windows 9x, probably works on NT / 2k as
1) Directory Traversal
Consider the following FTP session (I'm using windows'
FTP.EXE proggie, and its associated commands) :
The following commands :
all give "550 Access denied." errors, so the frontdoor
seems to be closed... The following stuff *does* work
This way, we can map out the whole harddrive...
other example : LS /../../windows/*
Now, to retrieve a file, do something like :
GET /../windows/system.ini c:\received-file.txt
And another thing... I don't want to whine to the guys
who wrote this program, but storing the user:password
pairs in plaintext in the program directory (the
default.usr & default?.usr files) is asking for
trouble : most ftp servers at least provide some way
of encryption / hashing... when you combine this with the
traversal bug, anyone can get the passwords of all the
users by grabbing the default.usr file.
I have sent this advisory to both DrPhibez
<guildftpdztnet.com> and Nitro187 (Matthew
Flewelling) <nitrozophar.net>, the programmers of
[ByteRage] <byterageyahoo.com> [www.byterage.cjb.net]
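
The server-side check whose absence lets `/../` paths like the ones above through, as an added example (not part of the original advisory and not GuildFTPD code). The function name, the `TraversalError` class and the root/cwd layout are assumptions made for illustration.

```python
import os
import posixpath
import tempfile


class TraversalError(Exception):
    """Raised when a client path would resolve outside the FTP root."""


def resolve_ftp_path(root, cwd, client_path):
    """Map a client-supplied FTP path to a real path inside `root`.

    root        -- directory on disk exported to the user (hypothetical layout)
    cwd         -- current virtual directory, e.g. "/pub"
    client_path -- argument of LIST/RETR/CWD exactly as received
    """
    # Windows accepts both separators, so treat "\" like "/".
    virtual = client_path.replace("\\", "/")
    if not virtual.startswith("/"):
        virtual = posixpath.join(cwd, virtual)

    # Walk the components ourselves: ".." may never climb above "/".
    parts = []
    for comp in virtual.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise TraversalError(client_path)
            parts.pop()
        else:
            parts.append(comp)

    # Second check on the real filesystem also catches symlinks.
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(real_root, *parts))
    if os.path.commonpath([real_root, real]) != real_root:
        raise TraversalError(client_path)
    return real


if __name__ == "__main__":
    demo_root = tempfile.mkdtemp()  # constructed FTP root for the demo
    for p in ("/../windows/system.ini", "/../../windows/*", "/pub/file.txt"):
        try:
            print(p, "->", resolve_ftp_path(demo_root, "/", p))
        except TraversalError:
            print(p, "-> 550 Access denied.")
```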