Full title: GNU Wget FTP Symlink Arbitrary Filesystem Access Exploit 
Category: remote exploits
Platform: linux
This module exploits a vulnerability in Wget when used in recursive (-r) mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGET_DATA option. Tested successfully with wget 1.14. Versions prior to 1.16 are presumed vulnerable.

# 0day.today @ http://0day.today/