Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: ByteRage (byterageyahoo.com)
Date: Sun May 27 2001 - 12:33:08 CDT
CesarFTP v0.98b triple dot Directory Traversal / Weak
CesarFTP v0.98b on Windows 9x / ME
1) Directory Traversal
First, we need a directory where we have access to on
the victim host...
(Or we can create one if we have enough rights)
might give us a directory RESTRICTED/ for example
now we do :
and we're out of the restricted subdirectory, we have
read access to the whole harddrive
Once again an FTP server with weak password
The username:password pairs are stored in plaintext in
the program directory. (\program
Combined with the directory traversal, the password
file can be easily attained by any user...
I have sent this advisory to <cesarftpaclogic.com>
[ByteRage] <byterageyahoo.com> [www.byterage.cjb.net]
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices