Exploit FloosieTek FTGate 2.1 - Web File Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19223
Проверка EDB
  1. Пройдено
Автор
MARC
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-1999-0887
Дата публикации
1999-05-25
FloosieTek FTGate 2.1 - Web File Access
Код:
source: https://www.securityfocus.com/bid/280/info

A vulnerability in Floosietek's FTGate allows remote malicious users to steal local files.

Floosietek's FTGate is a Win32 mail server program. One of its features is allowing administrators to check the status of the mail server using a web browser via a built-in web server.

The web server fails to check whether requested files fall outside its document tree (by using ".." in the URL). Thus attackers can retrieve files in the same drives as that on which the software resides if they know or can get it's filename. 

http://www.example.com:8080/../newuser.txt
 
Источник
www.exploit-db.com

Похожие темы