by Tan Chew Keong
Release Date: 2008-06-27
[en] [jp]
Summary
A vulnerability has been found within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.
Tested Versions
Details
This advisory discloses a vulnerability within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.
The FTP client does not properly sanitise filenames containing directory traversal sequences (forward-slash) that are received from an FTP server in response to the LIST command.
An example of such a response from a malicious FTP server is shown below.
Response to LIST (forward-slash):
-rw-r--r-- 1 ftp ftp 20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n
By tricking a user to download a directory from a malicious FTP server that contains files with fowward-slash directory traversal sequences in their filenames, it is possible for the attacker to write files to arbitrary locations on a user's system with privileges of that user. An attacker can potentially leverage this issue to write files into a user's Windows Startup folder and execute arbitrary code when the user logs on.
POC / Test Code
Please download the POC here and follow the instructions below.
Awm 20251 Console Cable Driver
In conclusion, AWM 20251 Console Cable Driver is a powerful tool that can revolutionize the way you connect to and manage your devices. With its high-speed data transfer, wide compatibility, and ease of use, this driver is an essential solution for anyone working with console cables. Whether you're a network administrator, a device configurator, or simply someone looking to streamline your workflow, AWM 20251 Console Cable Driver is definitely worth checking out.
We hope you found this blog post informative and helpful. Do you have any questions or comments about AWM 20251 Console Cable Driver? Share them with us in the comments section below! Awm 20251 Console Cable Driver
AWM 20251 Console Cable Driver is a specialized driver designed to facilitate communication between a computer and a console or terminal. The driver enables the use of a console cable to establish a reliable and high-speed connection, allowing users to access and manage various devices, such as routers, switches, and servers. In conclusion, AWM 20251 Console Cable Driver is
Are you tired of dealing with cumbersome and unreliable console cable connections? Look no further than the AWM 20251 Console Cable Driver, a game-changing solution designed to streamline your workflow and enhance your overall user experience. In this blog post, we'll delve into the world of AWM 20251 Console Cable Driver, exploring its features, benefits, and applications. We hope you found this blog post informative and helpful
Ready to experience the benefits of AWM 20251 Console Cable Driver for yourself? Visit our website to learn more and download the driver today! [insert link]
Patch / Workaround
Avoid downloading files/directories from untrusted FTP servers.
Disclosure Timeline
2008-06-15 - Vulnerability Discovered.
2008-06-16 - Vulnerability Details Sent to Vendor via online support form (no reply).
2008-06-18 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-25 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-27 - Public Release.