AOH :: Web :: General :: FEARTECH.TXT

AOH :: Web :: General :: FEARTECH.TXT
Feartech FTP directory access hole


COMMAND

    ftp.pl

SYSTEMS AFFECTED

    Feartech ftp

PROBLEM

    zillion found  following.   FTP Browser  allows you  to display  a
    html enhanced directory listing, which is great for managing  your
    ftp files. FTP Browser can do all of the following: bla bla...

    But wait.. it can do more than just that:

        http://www.server.com/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc

    The vedor has been notified a week ago but has released no fix  or
    update.  This  ain't something huge  but the script  is offered on
    various script archives.

SOLUTION

    Nothing yet.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.