Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the web interface search functionality. Remote attackers can list all existing users by submitting "/../" in the search bar, enabling user enumeration and reconnaissance.
PoC代码[已公开]
id: CVE-2014-1842
info:
name: Titan FTP Server Search Function < 10.40 - User Enumeration
author: pussycat0x
severity: medium
description: |
Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the web interface search functionality. Remote attackers can list all existing users by submitting "/../" in the search bar, enabling user enumeration and reconnaissance.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2014-1842
cwe-id: CWE-22
epss-score: 0.04756
epss-percentile: 0.88938
cpe: cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: southrivertech
product: titan_ftp_server
shodan-query: product:"Titan ftpd"
tags: cve,cve2014,network,ftp,titan-ftp,tcp,passive,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'Titan')"
- "compare_versions(version, '< 10.40')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "Titan FTP Server ([0-9.]+)"
# digest: 4a0a0047304502204e74c9bc650b195983514e4340477138fe872d16a4dc96bebd668f76ae880601022100a60a2d6102898f1d6947987ecffc2719fc123755c8b2bc0db5a262a194f2a898:922c64590222798bb761d5b6d8e72950