PHPWebFTP Index.PHP Directory Traversal Vulnerability
BID:17557
Info
| Bugtraq ID: | 17557 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2006 12:00AM |
| Updated: | Apr 18 2006 05:31PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: | phpWebFTP phpWebFTP 3.2 |
| Not Vulnerable: | |
Discussion
phpWebFTP is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve and execute arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
Reports also indicate that access to the source code of the login script 'script.js' may reveal information that could aid an attacker in further attacks.
Exploit / POC
This vulnerability may be exploited with a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
References:
- phpWebFTP Homepage (phpWebFTP)
- PhpWebFTP 3.2 Login Script ([email protected])