Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » WFTPD Shortcut Directory Traversal Vulnerability

WFTPD Shortcut Directory Traversal Vulnerability

by platon on July 8th, 2001 WFTPD is a popular FTP server software for Windows systems.

The WFTPD server contains a directory traversal vulnerability. It may be possible for remote users to upload files with the filename extension '.LNK.', thereby creating shortcuts to otherwise protected files and directories.



Create a Windows shortcut file (*.lnk) that points to the desired directory on the target system. Upload the file to the target with the filename extension '.LNK.', and enter a change directory command specifying the name of the .lnk file as the argument.

This vuln was reported to Bugtraq by ByteRage.

[Homepage]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »