Dotdot vulnerability in Broker FTP Server v.3.0 Build 1
There's a hole in Broker FTP Server v.3.0 Build 1. Here's an example:
You have the server installed with the FTP root in c:\FTProot and you have a user "test" with a home directory in c:\FTProot\test. You also have checked the "Display as ROOT directory" checkbox for test, so he/she can't get below the home directory. CWD won't take her/him below it, but LIST will.
will list the contents of c:\winnt and
will also list the contents of c:\winnt. Of course this isn't as bad as if CWD or RETR had worked, but you probably don't want anybody to be able to look around in your private directories.