IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

healthcare administrator transferring patient data via cloud computing applications

Cloud Computing

5 Best Practices for Achieving Healthcare Cloud Compliance 5 Best Practices for Achieving Healthcare Cloud Compliance

byChristopher Tozzi

Jul 1, 2024

4 Min Read

business people preparing audio visual presentation on collaboration in conference room

Unified Communications

How OpenAI Could Shape the Next Wave of Collaborative Platforms How OpenAI Could Shape the Next Wave of Collaborative Platforms

byEric Krapf, No Jitter

Jun 28, 2024

3 Min Read

Recent in OS

See All OS

abstract string backgroud

PowerShell

Advanced String Manipulation Techniques in PowerShell Advanced String Manipulation Techniques in PowerShell

byBrien Posey

Jun 28, 2024

3 Min Read

pins with words zero trust on a cybernetic board

Linux OS

How To Implement Zero-Trust Security in Linux Environments How To Implement Zero-Trust Security in Linux Environments

byGrant Knoetze

Jun 26, 2024

8 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

two workers collaborating on computers

IT Operations

Duplicate Tech: A Bottom-Line Issue Worth Resolving Duplicate Tech: A Bottom-Line Issue Worth Resolving

byIndustry Perspectives

Jul 1, 2024

5 Min Read

Career

Recent in Career

See All Career Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

worker frustrated by coworker's loud talking on the phone

Career Tips

The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You

byThe Washington Post

Jun 27, 2024

6 Min Read

Storage

Recent in Storage

See All Data Storage

data floating

IT Operations

How IT Operations Can Play a Critical Role in Data Management How IT Operations Can Play a Critical Role in Data Management

byChristopher Tozzi

Jun 21, 2024

4 Min Read

virtual data stack

Data Storage

How to Build a Data Stack That Actually Puts You in Charge of Your Data How to Build a Data Stack That Actually Puts You in Charge of Your Data

byIndustry Perspectives

Jun 14, 2024

8 Min Read

Security

Recent in Security

See All IT Security

suspicious executive checking smart phone sitting on a desk at the office

Data Privacy

Is That App Sketchy? Here Are 3 Easy Ways To Check.Is That App Sketchy? Here Are 3 Easy Ways To Check.

byThe Washington Post

Jul 1, 2024

3 Min Read

aerial view of a car dealership lot

Attacks & Breaches

Hacked Software Firm CDK Expects All Dealers Live by July 4 Hacked Software Firm CDK Expects All Dealers Live by July 4

byBloomberg News

Jul 1, 2024

2 Min Read

Dev

Recent in Dev

See All Software Dev

cloud-native

Cloud Native

How Cloud-Native Development Benefits SaaS How Cloud-Native Development Benefits SaaS

byForrester Blog Network

Jun 28, 2024

3 Min Read

blurred programmer behind screen of code

Software Development Techniques

AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When

byChristopher Tozzi

Jun 27, 2024

4 Min Read

Recent in DX

See All Digital Transformation

ChatGPT login screen seen on smartphone and laptop displays.

AI & Machine Learning

OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?

byDayneé Alejandra Rosales

Jul 1, 2024

2 Min Read

concept art of autonomous tractor scanning agricultural plot

AI & Machine Learning

Robots, Drones and Driverless Tractors Usher In New Age of Farming Robots, Drones and Driverless Tractors Usher In New Age of Farming

byBloomberg News

Jun 27, 2024

6 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

Arati Prabhakar, director of the White House's Office of Science and Technology Policy

High Performance Computing

Biden’s Science Adviser Explains the New Hard Line on China Biden’s Science Adviser Explains the New Hard Line on China

byThe Washington Post

Jun 4, 2024

7 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Vulnerabilities & Threats
IT Security

Crush FTP Relative Path Vulnerability

A vulnerability exists that lets an attacker break out of an FTP root.

Ken Pfeil

May 6, 2001

4 Min Read

Reported May 3, 2001, by JoeTesta.

VERSIONS AFFECTED

· CrushFTP Server 2.1.4 for Windows 2000, Windows NT, WindowsMe, and Windows 9x

DESCRIPTION

Avulnerability exists that lets an attacker break out of an FTP root. Forexample, by connecting to a vulnerable host and issuing the change directory(CD) command, an attacker can access the root directory where the FTP server isrunning. An attacker can also use relative paths to download files outside of anFTP root.

DEMONSTRATION

Joe Testa also provided the followingproof-of-concept scenario:

The following is anillustration of the problem. An ftproot of

"c:directorydirectory"was used.

>ftp localhost

Connected toxxxxxxxxxx.rh.rit.edu.

220-Welcome to CrushFTP!

220 CrushFTP Server Ready.

User (xxxxxxxxxx.rh.rit.edu:(none)):jdog

331 Username OK. Need password.

Password:

230-Welcome!