https://www.exploit-db.com/exploits/25486
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-962

RaidenFTPD的2.4.2241之前版本存在目录遍历漏洞，远程攻击者可以通过在一个urlget站命令中的一个”..\”(点点反斜杠)来读取任意文件。

source: http://www.securityfocus.com/bid/13292/info

RaidenFTPD is prone to a vulnerability that could allow unauthorized access to files outside the FTP root. The issue exists due to a lack of sufficient sanitization performed on 'SITE urlget' requests. Directory traversal sequences may be passed as a parameter for this request.

This vulnerability allows a remote attacker to read files outside of the FTP document root directory. An attacker may read files with the privileges of the FTP server process.

This issue was reported to affect all versions of RaidenFTPD prior to 2.4.2241.

quote site urlget file://..\boot.ini

来源:SECUNIA
名称:15037
链接:http://secunia.com/advisories/15037
来源:XF
名称:raidenftpd-directory-traversal(20368)
链接:http://xforce.iss.net/xforce/xfdb/20368
来源:BID
名称:13292
链接:http://www.securityfocus.com/bid/13292
来源:OSVDB
名称:15713
链接:http://www.osvdb.org/15713
来源:BUGTRAQ
名称:20050502DirectoryTraversalVuln-RaidenFTPD2.4链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111507556127582&w;=2
来源:forum.raidenftpd.com
链接:http://forum.raidenftpd.com/showflat.php?Board=UBB13&Number;=45685