> -----Original Message-----
> From: security team 0seen [mailto:o5een@hotmail.com]
> Sent: Wednesday, March 03, 2004 2:37 AM
>
> #!/usr/bin/python
>
> #wftpd exploit, code by OYXin
>
> #POC and lame python exploit, only test on WFTD pro 3.21.1.1
> with win2000 cn sp4

Please test this against 3.21.2.1, released 2/29/2003, updated 3/3/2004.

What does your code have to offer over the code already irresponsibly released by the previous poster? Does it offer any more information, or is it simply "a c001er crack"?

Please don't waste my time offering ever cooler cracks for the same flaw, especially once the flaw has been patched. Did you bother to check and see if it was patched? Apparently not.

Did you bother to contact the vendor (me) first? Definitely not. In fact, you didn't even try to contact me _at_all_. Even the original poster did me that small favour.

I'm busy trying to keep my users secure. Either help me in that task, or don't. If you help me protect my users, I'll thank you. If all you're interested in doing is claiming bragging rights while simultaneously putting my users at risk, I don't appreciate it in the slightest.

And, not to get on my high horse again, but really, Bugtraq moderators, do you feel comfortable that you are not contributing to the protection of users, but are actively involved in removing that protection?

My record speaks for itself, I do not need, and have never needed, the "persuasion" of having vulnerabilities publicised, with full exploit code. Vulnerabilities should always be revealed first to the vendor, and some time given to allow for a reasoned response, rather than publishing the vulnerabilities and forcing the vendor into a mad scramble to get any patch out the door quickly.

[Quite frankly, even if my past behaviour _had_ been shockingly poor, simple courtesy to my users suggests that you at least _try_ to get my attention to the matter.]

Alun.
~~~~
--
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.