Wing FTP Server HTTP Request Directory Traversal Vulnerability
BID:39744
Info
| Bugtraq ID: | 39744 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 27 2010 12:00AM |
| Updated: | Apr 27 2010 12:00AM |
| Credit: | Christian Navarrete (chr1x), CubilFelino Security Research Lab |
| Vulnerable: | wftpserver Wing FTP Server 3.4.3 |
| Not Vulnerable: | |
Discussion
Wing FTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to files outside the webroot folder.
Wing FTP Server 3.4.3 is vulnerable; other versions may also be affected.
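The missing check, sketched as an added example (this is not Wing FTP Server code and not part of the original advisory): a request path is decoded, normalized, and accepted only if it still resolves inside the webroot. The names `resolve_under_webroot` and `TraversalError`, and the strict decode-until-stable policy, are assumptions made for illustration.

```python
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a request path would resolve outside the webroot."""


def resolve_under_webroot(webroot: str, request_target: str) -> str:
    """Map an HTTP request target to a filesystem path inside webroot.

    Raises TraversalError instead of returning a path outside webroot.
    """
    # Drop query string and fragment; only the path selects a file.
    path = request_target.split("?", 1)[0].split("#", 1)[0]

    # Decode until stable so double-encoded sequences such as %252e%252e
    # cannot survive a single decoding pass (strict policy, an assumption).
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise TraversalError("excessive percent-encoding")

    if "\x00" in path:
        raise TraversalError("NUL byte in path")

    # Windows hosts accept '..\' as well as '../', so treat both as separators.
    path = path.replace("\\", "/")

    # realpath collapses '..' segments and follows symlinks before the check.
    root = os.path.realpath(webroot)
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different Windows drives
        inside = False
    if not inside:
        raise TraversalError("path escapes webroot")
    return candidate


if __name__ == "__main__":
    # Constructed sample request targets, not taken from the advisory.
    for target in ["/docs/index.html", "/../../etc/passwd", "/..%2f..%2fx"]:
        try:
            print(target, "->", resolve_under_webroot("/srv/webroot", target))
        except TraversalError as exc:
            print(target, "-> rejected:", exc)
```

The comparison is made on the resolved path rather than by searching the raw string for `../`, which is what lets it catch encoded and backslash variants.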
Exploit / POC
Attackers can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Wing FTP Server Homepage (Wing FTP Server)