eftp_directory_traversal.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Michel Arboi <arboi@alussinan.org>
# starting from guild_ftp.nasl
#
# See the Nessus Scripts License for details
#

if(description)
{
  script_id(10933);
  script_bugtraq_id(3333);
  script_cve_id("CVE-2001-1109");
  script_version("$Revision: 116 $");
 name["english"] = "EFTP tells if a given file exists";
 name["francais"] = "EFTP indique si un fichier existe";
 
 script_name(english:name["english"], francais:name["francais"]);
 
 desc["english"] = "
The remote FTP server can be used to determine if a given
file exists on the remote host or not, by adding dot-dot-slashes
in front of them. 

For instance, it is possible to determine the presence
of \autoexec.bat by using the command SIZE or MDTM on
../../../../autoexec.bat

An attacker may use this flaw to gain more knowledge about
this host, such as its file layout. This flaw is specially
useful when used with other vulnerabilities.

Solution : update your EFTP server to 2.0.8.348 or change it
Risk factor : Low";
 


 desc["francais"] = "
Le serveur FTP distant peut 阾re utilis