deraison at nessus
Dec 29, 2008, 1:23 AM
Post #2 of 2
(2070 views)
Permalink
|
On Dec 24, 2008, at 7:18 PM, Cheryl Ammann wrote:
> This generic ftp traversal test uses anonymous:nessus@<hostname>. I
> found an ftp server this morning with a traversal vulnerability, but
> it
> doesn't accept "anonymous". It did, however, accept Administrator:""
> and
> guest:guest and guest:"". The null passwords were reported by 10166
> and
> 11160. It would be quite useful if this plugin tried the traversal if
> ftp access was gained in any way.
The problem is that anonymous access is a special case -- it's
supposed to be confined into a given subdirectory (ie: doing a
cd ../../../../../ should take you to /home/ftp on Unix).
Administrator (or Guest) are not supposed to be confined to their home
directories. If you can log in with these accounts, you're likely to
be able to traverse elsewhere in the FTP hierarchy.
-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers
|
