Crob FTP Server Remote Information Disclosure Vulnerability

Vulnerability ID: 1107674
Vulnerability type: Path traversal
Published: 2004-02-02
Updated: 2005-10-20
CVE ID: CVE-2004-2309
CNNVD-ID: CNNVD-200412-736
Platform: Windows
CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/23632
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-736
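|Vulnerability details
Crob FTP Server version 3.5.1 contains a directory traversal vulnerability. A local user can browse content outside the FTP root directory by using multiple ../ (dot dot slash) sequences in the DIR command.
|Exploit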
source: http://www.securityfocus.com/bid/9546/info

A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a specially crafted request, a malevolent user may be able to gain access to files outside of the ftp root directory.


You can read all directories on the system with the following command:

dir ../../../../../*
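
The check whose absence the advisory describes, as an added example (not code from the advisory or from Crob FTP Server): the DIR argument is resolved lexically against a virtual working directory and refused if any `..` climbs above the FTP root. The function names and the `C:\ftproot` root are assumptions made for illustration.

```python
import ntpath
import posixpath

FTP_ROOT = r"C:\ftproot"  # assumed root directory for this example


class PathEscapesRoot(ValueError):
    """The client-supplied path resolves outside the FTP root."""


def resolve_virtual(cwd: str, arg: str) -> str:
    """Resolve a DIR/LIST argument against the virtual cwd ("/" is the FTP root)."""
    arg = arg.replace("\\", "/")          # Windows accepts both separators
    if "\x00" in arg or ":" in arg:       # NUL bytes, drive letters, NTFS streams
        raise PathEscapesRoot(arg)
    joined = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    parts = []
    for comp in joined.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:                 # ".." at the root: reject, do not clamp
                raise PathEscapesRoot(arg)
            parts.pop()
        else:
            parts.append(comp)            # a wildcard such as "*" stays a plain name
    return "/" + "/".join(parts)


def to_real_path(virtual: str, root: str = FTP_ROOT) -> str:
    """Map a resolved virtual path to a Windows path and re-check containment."""
    real = ntpath.normpath(ntpath.join(root, *virtual.strip("/").split("/")))
    base = ntpath.normcase(ntpath.normpath(root))
    if ntpath.normcase(real) != base and not ntpath.normcase(real).startswith(base + "\\"):
        raise PathEscapesRoot(virtual)
    return real


def list_target(cwd: str, arg: str):
    """Return the real path to list, or None if the request must be refused."""
    try:
        return to_real_path(resolve_virtual(cwd, arg))
    except PathEscapesRoot:
        return None


if __name__ == "__main__":
    # Constructed requests: (virtual cwd, DIR argument)
    for cwd, arg in [("/", "../../../../../*"), ("/pub/docs", "../*"), ("/pub", r"..\..\*")]:
        print(f"{cwd!r} + {arg!r} -> {list_target(cwd, arg)}")
```

The resolution is purely lexical, so a server that follows symbolic links or junctions would also need to compare the resolved on-disk path against the root before listing.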
|References

Source: XF
Name: crob-dir-directory-traversal(15028)
Link: http://xforce.iss.net/xforce/xfdb/15028
Source: SECTRACK
Name: 1008908
Link: http://www.securitytracker.com/alerts/2004/Feb/1008908.html
Source: BID
Name: 9546
Link: http://www.securityfocus.com/bid/9546
Source: BUGTRAQ
Name: 20040201 Vulnerabilities in Crob FTP Server V3.5.1
Link: http://www.securityfocus.com/archive/1/352329
Source: SECUNIA
Name: 10778
Link: http://secunia.com/advisories/10778/
