https://www.exploit-db.com/exploits/23632
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-736

CrobFTPServer3.5.1版本存在目录遍历漏洞。本地用户借助DIR命令中的多个../（点点斜线）浏览FTP根目录以外的内容。

source: http://www.securityfocus.com/bid/9546/info

A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a specially crafted request, a malevolent user may be able to gain access to files outside of the ftp root directory.


You can read all directories on the system with the following command:

dir ../../../../../*

来源:XF
名称:crob-dir-directory-traversal(15028)
链接:http://xforce.iss.net/xforce/xfdb/15028
来源:SECTRACK
名称:1008908
链接:http://www.securitytracker.com/alerts/2004/Feb/1008908.html
来源:BID
名称:9546
链接:http://www.securityfocus.com/bid/9546
来源:BUGTRAQ
名称:20040201VulnerabilitiesinCrobFTPServerV3.5.1
链接:http://www.securityfocus.com/archive/1/352329
来源:SECUNIA
名称:10778
链接:http://secunia.com/advisories/10778/