TUCoPS :: Web :: General :: feartech.txt

Feartech FTP directory access hole 

COMMAND

    ftp.pl

SYSTEMS AFFECTED

    Feartech ftp

PROBLEM

    zillion found  following.   FTP Browser  allows you  to display  a
    html enhanced directory listing, which is great for managing  your
    ftp files. FTP Browser can do all of the following: bla bla...

    But wait.. it can do more than just that:

        http://www.server.com/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc

    The vedor has been notified a week ago but has released no fix  or
    update.  This  ain't something huge  but the script  is offered on
    various script archives.

SOLUTION

    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH