more silly bugs in cooolsoft 'personal ftp server'

version tested: 2.24
pwd shows absolute path instead of relative (i.e. drive:/folder instead of
/)
ls ../ will let a user get a dirlisting above his home directory.
mkdir ../folder will let a user create folders outside his home
directory.[1]
put file ../file will let users create files outside his home directory.[1]
get ../file will let users get files outside his home directory.

Furthermore the passwords are stored in cleartext in ftpserver.ini located
in the installation directory, defaults to drive:\progra~1\powerftp

[1] Requires write access, duh. Get the ftpserver.ini and look for a user
with AcessRight1=1.

--
Knud Erik Højgaard
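
The issues reported above (ls, mkdir, put and get accepting ../, and pwd exposing drive:/folder) share one cause: the client's path reaches the disk without being confined to the user's home. As an added example that is not part of the original post and not the vendor's code, this is one way a server could resolve paths against a virtual root; the function names and the choice to reject `..` at the root are assumptions.

```python
import os
import posixpath


class JailError(Exception):
    """Client path would resolve outside the user's home directory."""


def resolve_virtual(cwd, client_path):
    """Turn a client-supplied path into a normalized virtual path ("/a/b")."""
    path = client_path.replace("\\", "/")      # Windows clients may send backslashes
    if "\x00" in path or ":" in path:          # NUL bytes, drive letters, NTFS streams
        raise JailError("illegal character in path")
    parts = []
    for comp in posixpath.join(cwd, path).split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:                      # ".." at the virtual root
                raise JailError("path escapes home directory")
            parts.pop()
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def to_real(home, virtual):
    """Map a virtual path to disk and re-check after links are resolved."""
    real_home = os.path.realpath(home)
    real = os.path.realpath(os.path.join(real_home, *virtual.strip("/").split("/")))
    if os.path.commonpath([real_home, real]) != real_home:
        raise JailError("resolved path leaves home directory")
    return real


def pwd_reply(cwd):
    """PWD reports the virtual path only, never drive:/folder."""
    return '257 "%s" is current directory' % cwd


if __name__ == "__main__":
    home = os.path.join(os.getcwd(), "constructed_home")   # constructed sample home
    for cwd, arg in [("/", "docs/a.txt"), ("/docs", "../b.txt"),
                     ("/", "../ftpserver.ini"), ("/docs", "..\\..\\x"), ("/", "c:/x")]:
        try:
            v = resolve_virtual(cwd, arg)
            print(arg, "->", v, "->", to_real(home, v))
        except JailError as exc:
            print(arg, "-> rejected:", exc)
```

Every command that takes a path (LIST, MKD, STOR, RETR) would pass its argument through both functions before touching the filesystem; the second check catches links or junctions inside the home that point elsewhere.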

