CVE-2023-22629 PoC — South River Technologies TitanFTP NextGen 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2023/CVE-2023-22629.yaml

Associated Vulnerability

Title:South River Technologies TitanFTP NextGen 路径遍历漏洞 (CVE-2023-22629)
Description:South River Technologies TitanFTP NextGen（South River Technologies Titan FTP NextGen）是美国South River Technologies公司的一款本机支持集群以实现高可用性和故障转移的 SFTP/FTP 服务器。 South River Technologies TitanFTP NextGen 1.94.1205版本及之前版本存在安全漏洞，该漏洞源于move-file函数的 newPath 参数中存在路径遍历漏洞。攻

Description

TitanFTP versions up to 1.94.1205 contain a path traversal vulnerability in the move-file function where the newPath parameter is improperly validated. An authenticated user can upload a file and then move it to any location on the server filesystem, potentially allowing arbitrary file placement and system compromise.

File Snapshot


 id: CVE-2023-22629

info:
  name: TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!