CVE-2019-9648

Published: 22/03/2019 Updated: 26/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing a malicious user to enumerate file existence based on the returned information.

Vulnerable Product

coreftp core ftp 2.0

Exploits

# Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal # Google Dork: N/A # Date: 3/13/2019 # Exploit Author: Kevin Randall # Vendor Homepage: www.coreftp.com # Software Link: www.coreftp.com/server/index.html # Version: Firmware: CoreFTP Server FTP / SFTP Server v2 - Build 674 # Tested on: Windows ...
CoreFTP Server FTP and SFTP Server version 2 build 674 suffer from a directory traversal vulnerability. By utilizing a directory traversal along with the FTP SIZE command, an attacker can browse outside the root directory to determine if a file exists based on return file size by using a ..\..\ technique ...
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information ...

Mailing Lists

Full Disclosure mailing list archives: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit ...