Datawizards FtpXQ Directory Traversal Vulnerability
BID:2426
Info
Datawizards FtpXQ Directory Traversal Vulnerability
| Bugtraq ID: | 2426 |
| Class: | Input Validation Error |
| CVE: |
CVE-2001-0293 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 28 2001 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | This vulnerability was first announced to Bugtraq by [email protected] on February 28, 2001. |
| Vulnerable: |
DataWizard FtpXQ 2.0.93 |
| Not Vulnerable: | |
Discussion
Datawizards FtpXQ Directory Traversal Vulnerability
FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies.
A problem in the software could allow access to restricted resources. Due to insufficient input checking, it is possible to retrieve files outside of the ftp root directory. By preappending dots to a GET request, it is possible to traverse directories above the ftp root directory, and retrieve any known file.
This makes it possible for a malicious user with access to the ftp server to gain access to sensitive information, including password files stored on the server.
FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies.
A problem in the software could allow access to restricted resources. Due to insufficient input checking, it is possible to retrieve files outside of the ftp root directory. By preappending dots to a GET request, it is possible to traverse directories above the ftp root directory, and retrieve any known file.
This makes it possible for a malicious user with access to the ftp server to gain access to sensitive information, including password files stored on the server.
Exploit / POC
Datawizards FtpXQ Directory Traversal Vulnerability
This exploit was contributed by [email protected]:
ftp> cd ..
ftp> get ../../autoexec.bat
This exploit was contributed by [email protected]:
ftp> cd ..
ftp> get ../../autoexec.bat
Solution / Fix
Datawizards FtpXQ Directory Traversal Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Datawizards FtpXQ Directory Traversal Vulnerability
References:
References: