CWD and LIST in ftp

Guilherme Belinelo · ‎03-15-2001

Hi,

My site was submited to a security test by a partner. The report says, for ftp, that I?m under high risk because the command LIST can show the directories and because the command CWP can show the actual path to the public area. I did?t find that commands in the DOS ftp aplication, but I can list them using remotehelp. Are those a real problem ? How could I emulate this test using ftp command or even command line ? And if it is a problem, how can I solve that ?

Bill McNAMARA_1 · ‎03-16-2001

I believe this has something to do with some ftp servers allowing a get of ../../etc/password and the likes of that.
For example an earlier release of Warftpd.

Misconfigured ftp servers were highlighted during the hacking of the CIA a few years back!

Later,
Bill

It works for me (tm)

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

CWD and LIST in ftp

CWD and LIST in ftp

Re: CWD and LIST in ftp