[15777] in bugtraq
ftp.pl vulnerability
daemon@ATHENA.MIT.EDU (zillion @ safemode)
Thu Jul 13 20:34:08 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <396CCD89.F0CC0659@safemode.org>
Date: Wed, 12 Jul 2000 21:56:58 +0200
Reply-To: "zillion @ safemode" <zillion@SAFEMODE.ORG>
From: "zillion @ safemode" <zillion@SAFEMODE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Feartech ftp browser problem
From the creators page ( http://www.feartech.com/vv/ftp.shtml )
-- snip --
FTP Browser allows you to display a html enhanced directory listing,
which is great for managing your ftp files. FTP
Browser can do all of the following:
-- snip --
But wait.. it can do more than just that :
http://www.server.com/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
The vedor has been notified a week ago but has released no fix or update
This ain't something huge but the script is offered on various script
archives.
zillion
site: http://www.safemode.org
email: zillion@safemode.org
