Opened 23 years ago
Last modified 23 years ago
#123 closed Bug report
server lets you use .. outside root
Reported by: | kimihia | Owned by: | |
---|---|---|---|
Priority: | critical | Component: | Other |
Keywords: | Cc: | kimihia, Tim Kosse | |
Component version: | Operating system type: | ||
Operating system version: |
Description
You can use '..' to see below the root of a directory.
ftp> ls ..
200 Port command successful
150 Opening data channel for directory list.
site1
site2
226 Transfer OK
For example, directories are set up like so:
c:\ftp
c:\ftp\site1
c:\ftp\site2
I have a user "anonymous" set up as follows:
c:\ftp\site1
Files: read
Directories: list, subdirs
Show relative paths
0.6.0 beta.
Change History (2)
comment:1 by , 23 years ago
comment:2 by , 23 years ago
Thanks for reporting this security hole, fixed in FileZilla Server
0.7.2
Note:
See TracTickets
for help on using tickets.
Still a problem in 0.7.0.