Shambala FTP server Directory Traversal

Summary

Shambala is a low-cost, multi-featured FTP and Web server distributed by Evolvable Corporation. A security vulnerability in the product allows remote attackers to traverse outside the normal scope of the FTP root directory.

Credit:

The information has been provided by alt3kx!.


Details

Vulnerable systems:
Shambala version 4.5

A user who sends the command ‘CWD …’ to the Shambala FTP server can access directories that reside outside the normal FTP root directory, which that user should not be allowed to access.
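A server-side check for the CWD argument, shown as an added example (not code from Shambala or from this advisory): the path is resolved against a virtual root and anything that would leave it is refused. The names `resolve_cwd`, `is_allowed` and `CwdRejected` are hypothetical, and refusing every dot-only component is an assumption that goes beyond the single command quoted above.

```python
class CwdRejected(Exception):
    """Raised when a CWD argument would leave the FTP root."""


def resolve_cwd(current, argument):
    """Resolve a CWD argument against the virtual directory `current`.

    Virtual paths are rooted at "/" (the FTP root). Returns the new virtual
    path or raises CwdRejected; the caller joins the result to the real root.
    """
    arg = argument.replace("\\", "/")      # Windows accepts both separators
    if ":" in arg or "\x00" in arg:        # drive letters, streams, NUL bytes
        raise CwdRejected("illegal character in path")
    parts = [] if arg.startswith("/") else [p for p in current.split("/") if p]
    for comp in arg.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:                  # already at the FTP root
                raise CwdRejected("path climbs above the FTP root")
            parts.pop()
        elif comp.strip(" .") == "":
            # Only dots/spaces: Win32 strips trailing dots and spaces from a
            # name, so this is not an ordinary directory. Refuse it outright.
            raise CwdRejected("dot-only path component")
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def is_allowed(current, argument):
    """True when the CWD would stay inside the FTP root."""
    try:
        resolve_cwd(current, argument)
        return True
    except CwdRejected:
        return False


if __name__ == "__main__":
    # Constructed sample arguments, not captured traffic.
    for cwd, arg in [("/pub", "docs"), ("/pub", ".."), ("/", ".."),
                     ("/pub", "..."), ("/pub", "..\\..\\windows")]:
        print(f"CWD {arg!r} from {cwd!r}: {is_allowed(cwd, arg)}")
```

The check works on the virtual path only; after joining the result to the real root directory, the server should still confirm that the canonical on-disk path lies under that root, since links or junctions can point elsewhere.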

Categories: Windows