[12453] in bugtraq


FTGate Version 2.1 Web interface Server Directory Traversal

daemon@ATHENA.MIT.EDU (Ussr Labs)
Fri Nov 5 13:32:15 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NCBBKFKDOLAGKIAPMILPGEJCCAAA.labs@ussrback.com>
Date:         Fri, 5 Nov 1999 07:04:51 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To:         BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability

Product:

FTGate Version 2.1
FTGate has many advanced features including:
- Proxy Support, Kill List, Advanced delivery options, Logging, Address Mapping
- Domain Aliases, File import, Full Multithreading, HTML Interface
- Command Processor, RAS Dial-up/Proxy/LAN support, SmartPop
- Runs as either an Application or a service
- POP3 server
- SMTP server/gateway


PROBLEM

UssrLabs found an FTGate Version 2.1 Web interface Server Directory Traversal
Vulnerability.
Using the string '../' in a URL, an attacker can gain read access to
any file outside of the intended web-published filesystem directory.

There is not much to expand on this one....

Example:

http://127.1:8080/../../../autoexec.bat      to show autoexec.bat


Vendor Status:
Not contacted.

Vendor URL: http://www.floosietek.com
Program URL: http://www.floosietek.com/ftgatehome.htm

Credit: USSRLABS

SOLUTION

    Nothing yet.
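The advisory describes the classic '../' traversal: the web interface joins the requested path onto its published directory without first normalising it, so a request can climb above that directory. The script below is an added example, not FTGate code and not from USSR Labs; it shows the check a web server (or a reverse proxy in front of one) should apply before touching the disk, and reuses the same check to triage access logs for traversal attempts. The web root `/srv/web/htdocs`, the helper names and the Common Log Format sample lines are all constructed for illustration.

```python
"""Defensive path resolution and log triage for '../' directory traversal.

Added example; not FTGate's code. The web root, helper names, log lines
and request targets are constructed for illustration.
"""
import posixpath
import re
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/web/htdocs"  # hypothetical web-published directory


def resolve_request_path(url, web_root=WEB_ROOT):
    """Map a request URL onto web_root.

    Returns the confined filesystem path, or None when the normalised path
    would climb above web_root (the '../' pattern the advisory describes).
    """
    raw = urlsplit(url).path               # keep only the path component
    decoded = unquote(raw)                 # check the form the server would use on disk
    decoded = decoded.replace("\\", "/")   # treat Windows separators like '/'
    rel = posixpath.normpath(decoded.lstrip("/"))  # collapse '.' and '..' components
    if rel == ".." or rel.startswith("../"):
        return None                        # a leading '..' survived: escape attempt
    if rel == ".":
        return web_root                    # request for the root itself
    return posixpath.join(web_root, rel)


# Extracts the request target from a Common Log Format line.
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_traversal_requests(log_lines):
    """Return (line_number, target) for every logged request that escapes the web root."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_LINE.search(line)
        if m and resolve_request_path(m.group("target")) is None:
            hits.append((n, m.group("target")))
    return hits


# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Nov/1999:07:04:51 -0300] "GET /index.html HTTP/1.0" 200 512',
    '10.0.0.5 - - [05/Nov/1999:07:04:52 -0300] "GET /docs/../index.html HTTP/1.0" 200 512',
    '10.0.0.9 - - [05/Nov/1999:07:05:10 -0300] "GET /../../../autoexec.bat HTTP/1.0" 200 61',
    '10.0.0.9 - - [05/Nov/1999:07:05:11 -0300] "GET /docs/../../private.txt HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for n, target in find_traversal_requests(SAMPLE_LOG):
        print(f"line {n}: traversal attempt {target}")
```

The check works on the normalised relative path rather than on the raw string: a request such as `/docs/../index.html` stays inside the web root and is served, while anything whose normalised form still begins with `..` is rejected before any file is opened. Decoding and separator handling happen before normalisation so that the check sees exactly the path the server would otherwise hand to the filesystem.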
