module
QuickShare File Server 1.2.1 Directory Traversal Vulnerability
| Disclosed | Created |
|---|---|
| Feb 3, 2011 | May 30, 2018 |
Disclosed
Feb 3, 2011
Created
May 30, 2018
Description
This module exploits a vulnerability found in QuickShare File Server's FTP
service. By supplying "../" in the file path, it is possible to trigger a
directory traversal flaw, allowing the attacker to read a file outside the
virtual directory. By default, the "Writable" option is enabled during account
creation, therefore this makes it possible to create a file at an arbitrary
location, which leads to remote code execution.
service. By supplying "../" in the file path, it is possible to trigger a
directory traversal flaw, allowing the attacker to read a file outside the
virtual directory. By default, the "Writable" option is enabled during account
creation, therefore this makes it possible to create a file at an arbitrary
location, which leads to remote code execution.
Authors
modpr0be
sinn3r sinn3r@metasploit.com
sinn3r sinn3r@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.