|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: ByteRage (byterage
yahoo.com)Date: Sun May 27 2001 - 12:33:08 CDT
CesarFTP v0.98b triple dot Directory Traversal / Weak
password encryption
AFFECTED SYSTEMS
CesarFTP v0.98b on Windows 9x / ME
DESCRIPTION
1) Directory Traversal
First, we need a directory where we have access to on
the victim host...
(Or we can create one if we have enough rights)
might give us a directory RESTRICTED/ for example
now we do :
ftp://127.0.0.1/RESTRICTED/...%5c/
and we're out of the restricted subdirectory, we have
read access to the whole harddrive
2)
Once again an FTP server with weak password
encryption...
The username:password pairs are stored in plaintext in
the program directory. (\program
files\CesarFTP\settings.ini)
Combined with the directory traversal, the password
file can be easily attained by any user...
VENDOR STATUS
I have sent this advisory to <cesarftpaclogic.com>
=======================================================
[ByteRage] <byterageyahoo.com> [www.byterage.cjb.net]
=======================================================
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]