[VIM] Home FTP SERVER 1.12 Directory Traversal

George A. Theall theall at tenable.com
Mon Feb 28 15:06:19 CST 2011

Exploit DB 16259 / Bugtraq 46600 concern a directory traversal issue  
in Home FTP SERVER 1.12 and give as a PoC:

   RETR ../../../../boot.ini

Exploit DB 15349 / Bugtraq 44543 concern a series of directory  
traversal issues in an earlier version of the same software; one of  
the PoCs is:

   GET ../../../boot.ini

Since an FTP client translates a "GET" into the command "RETR" when  
speaking to an FTP server, the new VDB identifiers seem to be just  
rehashes of the earlier ones. Or am I missing something? Rob?

theall at tenablesecurity.com
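
Added example, not part of the original post and not code from the vendor or either advisory: a Python check that reduces each PoC line quoted above to its wire command and tests whether the argument climbs above the FTP root, as one way to compare the two entries. The client-verb table, the virtual-root model and all function names are assumptions made for the illustration.

```python
# Client-side verbs that command-line FTP clients send as wire commands
# (assumed table for this illustration; extend as needed).
CLIENT_TO_WIRE = {"GET": "RETR", "RECV": "RETR", "PUT": "STOR", "SEND": "STOR"}


def to_wire(line):
    """Return (wire_command, argument) for a PoC line in client or wire form."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    return CLIENT_TO_WIRE.get(verb, verb), arg.strip()


def escapes_root(arg, cwd="/"):
    """True if arg, resolved against cwd inside the virtual root, climbs above it."""
    arg = arg.replace("\\", "/")          # Windows servers accept both separators
    start = "" if arg.startswith("/") else cwd.replace("\\", "/")
    depth = [p for p in start.split("/") if p]
    for part in arg.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not depth:                 # already at the root: this step escapes it
                return True
            depth.pop()
        else:
            depth.append(part)
    return False


def signature(line, cwd="/"):
    """Normalised form used to compare two PoCs: (wire verb, escapes root?, target file)."""
    verb, arg = to_wire(line)
    leaf = arg.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return verb, escapes_root(arg, cwd), leaf


# The two PoC lines quoted in the post.
POC_16259 = "RETR ../../../../boot.ini"
POC_15349 = "GET ../../../boot.ini"

if __name__ == "__main__":
    for poc in (POC_16259, POC_15349):
        print(poc, "->", signature(poc))
```

The same `escapes_root` test is what a server-side handler would apply to a RETR argument before opening the file.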
