New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Open-FTPD 1.2 Writable Directory Traversal Execution #2211
Conversation
Processing... |
send_cmd(['PORT', "#{src_ip},#{src_port}"], true, conn) | ||
|
||
# Tell the FTP server to download our file | ||
send_cmd(['STOR', filename], false, conn) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to the code, it looks like an arbitrary File Upload more than a directory traversal vulnerability, as written in the Name and Description of the module. Is it right or I'm forgetting something ?
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're correct. 'Arbitrary file upload' is more applicable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, in this case, fixing things by myself, and landing, are just minor changes, thanks @bcoles!
Once comments are clarified by @bcoles it's ready to be landed:
|
Last changes here: 8ac01d3 Final test:
Thanks @bcoles ! |
Add Open-FTPD 1.2 Writable Directory Traversal Execution