FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
   
Product:

FTGate Version 2.1

FTGate has many advanced features, including: Proxy Support, Kill List, Advanced delivery options, Logging, Address Mapping - Domain Aliases, File import, Full Multithreading, HTML Interface - Command Processor, RAS Dial-up/Proxy/LAN support, SmartPop, runs as either an Application or a service, POP3 server, SMTP server/gateway.

PROBLEM:

UssrLabs found a directory traversal vulnerability in the FTGate Version 2.1 web interface server.

Using the string '../' in a URL, an attacker can gain read access to any file outside of the intended web-published filesystem directory.

There is not much to expand on this one....

Example: requesting http://127.1:8080/../../../autoexec.bat shows autoexec.bat.
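
Added example (not part of the original advisory and not FTGate code): a request-path check of the kind that stops this class of bug, sketched in Python. The document root WEB_ROOT, the function name safe_join and the sample paths are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/ftgate/www"  # assumed document root, not FTGate's real layout


def safe_join(root, url_path):
    """Map a request path to a file under root; return None to refuse it."""
    # Decode percent-escapes once so "%2e%2e%2f" is judged as "../".
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # Windows accepts "\" as a separator, so treat it like "/".
    segments = [s for s in decoded.replace("\\", "/").split("/")
                if s not in ("", ".")]
    # Refuse parent references outright rather than trying to strip them.
    if ".." in segments:
        return None
    # Drive letters and stream syntax ("C:", "x::$DATA") never belong here.
    if any(":" in s for s in segments):
        return None
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Final containment check: result must be root itself or below it.
    if candidate != root and not candidate.startswith(root.rstrip("/") + "/"):
        return None
    return candidate


# Constructed request paths; the first is the path from the advisory's URL.
SAMPLE_PATHS = [
    "/../../../autoexec.bat",
    "/%2e%2e/%2e%2e/autoexec.bat",
    "/..\\..\\autoexec.bat",
    "/index.htm",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", safe_join(WEB_ROOT, p) or "403 Forbidden")
```

On a live server, also compare os.path.realpath() of the result against the root so that symbolic links cannot lead outside it.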

Vendor Status:

Not contacted.

Vendor Url: http://www.floosietek.com

Program Url: http://www.floosietek.com/ftgatehome.htm

Credit: USSRLABS

SOLUTION:

Nothing yet.

underground security systems research