[VIM] Home FTP SERVER 1.12 Directory Traversal
George A. Theall
theall at tenable.com
Mon Feb 28 15:06:19 CST 2011
Exploit DB 16259 / Bugtraq 46600 concern a directory traversal issue
in Home FTP SERVER 1.12 and give as a PoC:

  RETR ../../../../boot.ini

Exploit DB 15349 / Bugtraq 44543 concern a series of directory
traversal issues in an earlier version of the same software; one of
the PoCs is:

  GET ../../../boot.ini

Since an FTP client translates a "GET" into the command "RETR" when
speaking to an FTP server, the new VDB identifiers seem to be just
rehashes of the earlier ones. Or am I missing something? Rob?

George
--
theall at tenablesecurity.com
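
Added example, not part of the original post and not code from Home FTP SERVER: a sketch of how a defender or VDB analyst could reduce both PoC lines above to the command the server actually receives, and of the root-confinement check an FTP server needs on the RETR argument. The root directory C:\ftproot and all function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS (pure string handling)

# Client-side verbs and the protocol command a command-line FTP client sends.
CLIENT_VERB_TO_COMMAND = {"GET": "RETR", "RECV": "RETR",
                          "PUT": "STOR", "SEND": "STOR"}

FTP_ROOT = r"C:\ftproot"  # hypothetical server root, not taken from the page


def wire_command(line):
    """Return (COMMAND, argument) as the server sees it on the control channel."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    return CLIENT_VERB_TO_COMMAND.get(verb, verb), arg.strip()


def resolve_under_root(arg, root=FTP_ROOT):
    """Map an FTP path argument to a local path, or None if it leaves root.

    String-level check only; a real server must also resolve links and
    junctions on disk before opening the file.
    """
    # Treat the argument as relative to root: unify separators, drop any
    # drive or UNC prefix and leading separators.
    _, tail = ntpath.splitdrive(arg.replace("/", "\\"))
    candidate = ntpath.normpath(ntpath.join(root, tail.lstrip("\\")))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    cand_norm = ntpath.normcase(candidate)
    if cand_norm == root_norm or cand_norm.startswith(root_norm + "\\"):
        return candidate
    return None


def classify(line):
    """Return (wire command, True if the argument escapes the FTP root)."""
    command, arg = wire_command(line)
    return command, resolve_under_root(arg) is None


if __name__ == "__main__":
    # The two PoC lines quoted in the post, plus one constructed benign request.
    for poc in ("RETR ../../../../boot.ini",
                "GET ../../../boot.ini",
                "RETR pub/readme.txt"):
        print(poc, "->", classify(poc))
```
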