Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: plugins

plugin 11112

 

 

Nessus plugins RSS feed   Index | Next | Previous | View Threaded


ammann at lanl

Dec 24, 2008, 10:18 AM

Post #1 of 2 (2615 views)
Permalink
plugin 11112

This generic ftp traversal test uses anonymous:nessus@<hostname>. I
found an ftp server this morning with a traversal vulnerability, but it
doesn't accept "anonymous". It did, however, accept Administrator:"" and
guest:guest and guest:"". The null passwords were reported by 10166 and
11160. It would be quite useful if this plugin tried the traversal if
ftp access was gained in any way.

Cheryl
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers


deraison at nessus

Dec 29, 2008, 1:23 AM

Post #2 of 2 (2379 views)
Permalink
Re: plugin 11112 [In reply to]

On Dec 24, 2008, at 7:18 PM, Cheryl Ammann wrote:

> This generic ftp traversal test uses anonymous:nessus@<hostname>. I
> found an ftp server this morning with a traversal vulnerability, but
> it
> doesn't accept "anonymous". It did, however, accept Administrator:""
> and
> guest:guest and guest:"". The null passwords were reported by 10166
> and
> 11160. It would be quite useful if this plugin tried the traversal if
> ftp access was gained in any way.

The problem is that anonymous access is a special case -- it's
supposed to be confined into a given subdirectory (ie: doing a
cd ../../../../../ should take you to /home/ftp on Unix).

Administrator (or Guest) are not supposed to be confined to their home
directories. If you can log in with these accounts, you're likely to
be able to traverse elsewhere in the FTP hierarchy.


-- Renaud



_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

Nessus plugins RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.