Home » Hacking News » WFTPD Shortcut Directory Traversal Vulnerability

WFTPD Shortcut Directory Traversal Vulnerability

by platon on July 8th, 2001 WFTPD is a popular FTP server software for Windows systems.

The WFTPD server contains a directory traversal vulnerability. It may be possible for remote users to upload files with the filename extension '.LNK.', thereby creating shortcuts to otherwise protected files and directories.

Create a Windows shortcut file (*.lnk) that points to the desired directory on the target system. Upload the file to the target with the filename extension '.LNK.', and enter a change directory command specifying the name of the .lnk file as the argument.

This vuln was reported to Bugtraq by ByteRage.

[Homepage]

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

WFTPD Shortcut Directory Traversal Vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact