Virtual Vision FTP Browser Vulnerability
BID:1471
Info
Virtual Vision FTP Browser Vulnerability
| Bugtraq ID: | 1471 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 12 2000 12:00AM |
| Updated: | Jul 12 2000 12:00AM |
| Credit: | This vulneratility was first reported to Bugtraq in a message by zillion @ safemode <[email protected]> on July 12, 2000. |
| Vulnerable: |
Virtual Vision FTP Browser 1.0 |
| Not Vulnerable: | |
Discussion
Virtual Vision FTP Browser Vulnerability
The Virtual Visions FTP Browser is a CGI script that provides an HTML interface to files that you have available to download. By submitting a request to the script containing the special directory traversal characters it is possible to access any directory on the filesystem. For example:
http://www.server.com/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
The Virtual Visions FTP Browser is a CGI script that provides an HTML interface to files that you have available to download. By submitting a request to the script containing the special directory traversal characters it is possible to access any directory on the filesystem. For example:
http://www.server.com/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
Exploit / POC
Virtual Vision FTP Browser Vulnerability
See discussion.
See discussion.
Solution / Fix
Virtual Vision FTP Browser Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Virtual Vision FTP Browser Vulnerability
References:
References:
- Virtual Visions Script Gallery (Virtual Visions)