OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: ByteRage (byterageyahoo.com)
Date: Sun May 27 2001 - 12:33:08 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    CesarFTP v0.98b triple dot Directory Traversal / Weak
    password encryption

    AFFECTED SYSTEMS

    CesarFTP v0.98b on Windows 9x / ME

    DESCRIPTION

    1) Directory Traversal

    First, we need a directory where we have access to on
    the victim host...
    (Or we can create one if we have enough rights)

    ftp://127.0.0.1/

    might give us a directory RESTRICTED/ for example
    now we do :

    ftp://127.0.0.1/RESTRICTED/...%5c/

    and we're out of the restricted subdirectory, we have
    read access to the whole harddrive

    2)
    Once again an FTP server with weak password
    encryption...
    The username:password pairs are stored in plaintext in
    the program directory. (\program
    files\CesarFTP\settings.ini)
    Combined with the directory traversal, the password
    file can be easily attained by any user...

    VENDOR STATUS

    I have sent this advisory to <cesarftpaclogic.com>

    =======================================================
    [ByteRage] <byterageyahoo.com> [www.byterage.cjb.net]
    =======================================================

    __________________________________________________
    Do You Yahoo!?
    Yahoo! Auctions - buy the things you want at great prices
    http://auctions.yahoo.com/