TFTPD32 Directory Traversal Vulnerability
Summary
TFTPD32 is a freeware TFTP server for Windows 9x/NT/XP. It provides an implementation of the TFTPv2 protocol (specified in RFC 1350).
A vulnerability in the product allows remote attackers to view any file on the system as well as write to arbitrary locations.
Credit:
The information has been provided by SecurITeam Experts.
Details
Vulnerable systems:
* TFTPD32 version 2.50.2 and prior
Immune systems:
* TFTPD32 version 2.51
Exploit:
Getting files:
tftp host GET /boot.ini
Storing files:
tftp host PUT myfile /boot.ini
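
Server-side check (added example, not TFTPD32's code and not the vendor's fix): one way a TFTP server can confine the filename in an RFC 1350 read or write request to its served directory, so that requests like the two above are refused. The root C:\tftproot, the function names and the sample packets are assumptions constructed for illustration; Windows path rules are applied through Python's ntpath module.

```python
import ntpath
import struct

RRQ, WRQ = 1, 2  # RFC 1350 opcodes: read request, write request


class RequestRefused(ValueError):
    """Raised for malformed requests and for names outside the served root."""


def parse_request(packet: bytes):
    """RFC 1350 RRQ/WRQ layout: 2-byte opcode, filename, NUL, mode, NUL."""
    if len(packet) < 4:
        raise RequestRefused("short packet")
    (opcode,) = struct.unpack("!H", packet[:2])
    fields = packet[2:].split(b"\x00")
    if opcode not in (RRQ, WRQ) or len(fields) < 3 or not fields[0]:
        raise RequestRefused("not a well-formed read/write request")
    try:
        return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError as exc:
        raise RequestRefused("non-ASCII field") from exc


def resolve_in_root(root: str, filename: str) -> str:
    """Map a requested name to a path under root, using Windows path rules."""
    name = filename.replace("/", "\\")
    # Refuse drive letters / stream names (":") and rooted or UNC names.
    if ":" in name or name.startswith("\\"):
        raise RequestRefused("absolute path refused: " + filename)
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, name))
    # After collapsing "..", the result must still sit under the root.
    if ntpath.commonpath([root_norm, candidate]).lower() != root_norm.lower():
        raise RequestRefused("path escapes root: " + filename)
    return candidate


def check_packet(root: str, packet: bytes) -> str:
    """Return the confined path for a request packet, or raise RequestRefused."""
    _opcode, filename, _mode = parse_request(packet)
    return resolve_in_root(root, filename)


# Constructed sample packets; C:\tftproot is a hypothetical served directory.
ROOT = "C:\\tftproot"
GET_BOOT_INI = struct.pack("!H", RRQ) + b"/boot.ini\x00octet\x00"
PUT_BOOT_INI = struct.pack("!H", WRQ) + b"/boot.ini\x00octet\x00"
GET_DOTDOT = struct.pack("!H", RRQ) + b"../boot.ini\x00octet\x00"
GET_ALLOWED = struct.pack("!H", RRQ) + b"pxe/boot.img\x00octet\x00"
```

The same check applies to both opcodes: a write request must be confined exactly as a read request is, since the advisory covers storing files as well as getting them.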