WFTPD Shortcut Directory Traversal Vulnerability
by platon on July 8th, 2001

WFTPD is a popular FTP server for Windows systems. The WFTPD server contains a directory traversal vulnerability. It may be possible for remote users to upload files with the filename extension '.LNK.', thereby creating shortcuts to otherwise protected files and directories.
Create a Windows shortcut file (*.lnk) that points to the desired directory on the target system. Upload the file to the target with the filename extension '.LNK.', and enter a change directory command specifying the name of the .lnk file as the argument.
This vuln was reported to Bugtraq by ByteRage.
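A server-side check for the '.LNK.' upload name described above, as an added example that is not code from WFTPD or from the original advisory. It relies on the Win32 behaviour of dropping trailing dots and spaces from the final path component, so the extension test has to run on the name as it will be stored; the blocked-extension policy, the function names and the "session verb argument" log format are assumptions made for illustration.

```python
import ntpath

# Assumed policy: shortcut files may not be uploaded.
BLOCKED_EXTENSIONS = {".lnk"}

def win32_effective_name(name: str) -> str:
    """Approximate the stored name: last path component with the
    trailing dots and spaces that Win32 file APIs drop removed."""
    leaf = ntpath.basename(name.replace("/", "\\"))
    return leaf.rstrip(". ")

def is_blocked_upload(name: str) -> bool:
    """Check the extension of the effective name, case-insensitively."""
    _, ext = ntpath.splitext(win32_effective_name(name))
    return ext.lower() in BLOCKED_EXTENSIONS

def flag_sessions(log_lines):
    """Return (session, argument) pairs where a session stored a blocked
    name and later issued CWD with that same effective name."""
    stored = {}
    hits = []
    for line in log_lines:
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        session, verb, arg = parts
        effective = win32_effective_name(arg).lower()
        if verb.upper() == "STOR" and is_blocked_upload(arg):
            stored.setdefault(session, set()).add(effective)
        elif verb.upper() == "CWD" and effective in stored.get(session, set()):
            hits.append((session, arg))
    return hits

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = [
    "s1 STOR report.txt",
    "s1 CWD reports",
    "s2 STOR docs.LNK.",
    "s2 CWD docs.lnk",
    "s3 STOR notes.lnk.txt",
    "s3 CWD notes.lnk.txt",
]

if __name__ == "__main__":
    for session, arg in flag_sessions(SAMPLE_LOG):
        print(f"session {session}: CWD into uploaded shortcut {arg!r}")
```

A plain `name.lower().endswith(".lnk")` test passes 'docs.LNK.' through, which is why the comparison is made after normalising the name.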