Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the Move function. Remote attackers can copy the complete home folder of another user by exploiting the ../ path traversal in the search-bar value, allowing unauthorized access to sensitive user data.
PoC代码[已公开]
id: CVE-2014-1841
info:
name: Titan FTP Server < 10.40 Move Function - Directory Traversal
author: pussycat0x
severity: medium
description: |
Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the Move function. Remote attackers can copy the complete home folder of another user by exploiting the ../ path traversal in the search-bar value, allowing unauthorized access to sensitive user data.
reference:
- http://www.exploit-db.com/exploits/31579
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2014-1841
cwe-id: CWE-22
epss-score: 0.07239
epss-percentile: 0.91193
cpe: cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: southrivertech
product: titan_ftp_server
shodan-query: product:"Titan ftpd"
tags: cve,cve2014,network,ftp,titan-ftp,tcp,passive,lfi,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'Titan')"
- "compare_versions(version, '< 10.40')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "Titan FTP Server ([0-9.]+)"
# digest: 4b0a00483046022100985682f62774a977db84ea8f9378d4c56a1deaf536cf3f06f09419310a5f2947022100b83b495d7b2c7e515bada91f567486271d300b7b2a0c9c5dec4c461c6df53e96:922c64590222798bb761d5b6d8e72950