CVE-2010-3867 PoC — ProFTPD mod_site_misc模块多个目录遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2010/CVE-2010-3867.yaml

Associated Vulnerability

Title:ProFTPD mod_site_misc模块多个目录遍历漏洞 (CVE-2010-3867)
Description:ProFTPD 是一款开放源代码FTP服务程序。 ProFTPD 1.3.3c之前版本中的mod_site_misc模块中存在多个目录遍历漏洞。远程认证用户可以借助(1)SITE MKDIR，(2)SITE RMDIR，(3)SITE SYMLINK，或者(4)SITE UTIME命令中的目录遍历序列创建目录，删除目录，创建符号链接，以及修改文件时间。

Description

ProFTPD versions before 1.3.3c contain directory traversal vulnerabilities in the mod_site_misc module. The vulnerability allows attackers to traverse directories and potentially overwrite arbitrary files on the system through crafted input to commands like SITE MKDIR and other SITE commands.

File Snapshot


 id: CVE-2010-3867

info:
  name: ProFTPD < 1.3.3c - Directory Traversal via mod_site_misc
  author: 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!