Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
plugin 11112
ammann at lanl
Dec 24, 2008, 10:18 AM
Post #1 of 2 (4927 views)
Permalink
This generic ftp traversal test uses anonymous:nessus@<hostname>. I
found an ftp server this morning with a traversal vulnerability, but it
doesn't accept "anonymous". It did, however, accept Administrator:"" and
guest:guest and guest:"". The null passwords were reported by 10166 and
11160. It would be quite useful if this plugin tried the traversal if
ftp access was gained in any way.

Cheryl
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: plugin 11112 [ In reply to ]
deraison at nessus
Dec 29, 2008, 1:23 AM
Post #2 of 2 (4614 views)
Permalink
On Dec 24, 2008, at 7:18 PM, Cheryl Ammann wrote:

> This generic ftp traversal test uses anonymous:nessus@<hostname>. I
> found an ftp server this morning with a traversal vulnerability, but
> it
> doesn't accept "anonymous". It did, however, accept Administrator:""
> and
> guest:guest and guest:"". The null passwords were reported by 10166
> and
> 11160. It would be quite useful if this plugin tried the traversal if
> ftp access was gained in any way.

The problem is that anonymous access is a special case -- it's
supposed to be confined into a given subdirectory (ie: doing a
cd ../../../../../ should take you to /home/ftp on Unix).

Administrator (or Guest) are not supposed to be confined to their home
directories. If you can log in with these accounts, you're likely to
be able to traverse elsewhere in the FTP hierarchy.


-- Renaud



_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal