7 lines
No EOL
360 B
Text
7 lines
No EOL
360 B
Text
source: http://www.securityfocus.com/bid/6585/info
|
|
|
|
WebWeaver's FTP component has a flaw which can permit a remote user to create directories outside the FTP root.
|
|
|
|
By executing the mkdir command on an ftp server with dot-dot-slash (..\) directory traversal notation, an attacker can create a directory outside of the FTP root.
|
|
|
|
mkdir ..\[directoryname] |