[22277] in bugtraq
Re: HTML Form Protocol Attack
daemon@ATHENA.MIT.EDU (Mark van Walraven)
Thu Aug 16 19:39:20 2001
Date: Fri, 17 Aug 2001 10:16:07 +1200
From: Mark van Walraven <markv@wave.co.nz>
To: bugtraq@securityfocus.com
Message-ID: <20010817101607.F11783@mail.wave.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20010816130426.A602@purple.chu.cam.ac.uk>; from Barnaby Gray on Thu, Aug 16, 2001 at 01:04:26PM +0100

On Thu, Aug 16, 2001 at 01:04:26PM +0100, Barnaby Gray wrote:
> What I meant is to get any useful data back over the FTP DATA
> connection (for LIST, RETR, STOR commands, etc.) you either have to
> use a passive mode transfer in which case you need to get another
> connection to connect to an arbitrary port on the server. Or an
> active mode transfer in which case you need to be able to listen on a
> port specified in the PORT command. I believe this is a risk for

Hopefully I am not stating the obvious, but the argument to the PORT
command specifies the IP address of the host to be used for the data
connection. Therefore, the results of your LIST, RETR, STOR, etc.,
can be sent directly to some other host; a firewall that allows all
outbound connections is no obstacle.

Regards,
Mark.
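
Added example, not part of the original message: a Python sketch of the check an FTP server or FTP-aware firewall can apply to the PORT argument discussed above. It decodes the h1,h2,h3,h4,p1,p2 form from RFC 959 and refuses a data address that differs from the control connection's peer, or a reserved port, as RFC 2577 recommends. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Ports below 1024 are refused as data targets (RFC 2577 recommendation).
MIN_DATA_PORT = 1024


def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT argument needs six comma-separated fields")
    octets = []
    for field in fields:
        # Reject signs, whitespace and anything else int() would tolerate.
        if not (field.isascii() and field.isdigit()) or int(field) > 255:
            raise ValueError("bad field in PORT argument: %r" % field)
        octets.append(int(field))
    host = ipaddress.IPv4Address(bytes(octets[:4]))
    port = octets[4] * 256 + octets[5]
    return host, port


def check_port_command(arg, control_peer):
    """Return (allowed, reason) for a PORT argument seen on a control
    connection whose TCP peer address is control_peer."""
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, str(exc)
    if host != ipaddress.IPv4Address(control_peer):
        return False, "data address %s is not the control peer %s" % (host, control_peer)
    if port < MIN_DATA_PORT:
        return False, "data port %d is a reserved port" % port
    return True, "data connection to %s:%d" % (host, port)


# Constructed samples; the control connection is assumed to come from 192.0.2.10.
SAMPLES = [
    "192,0,2,10,19,137",    # same host, port 19*256+137 = 5001
    "198,51,100,7,19,137",  # a different host than the control peer
    "192,0,2,10,0,25",      # same host, reserved port 25
    "192,0,2,10,19",        # malformed: only five fields
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_port_command(sample, "192.0.2.10"))
```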