Opened 9 years ago

Closed 9 years ago

#7328 closed Bug report (fixed)

Filezilla server allows access to directorys above the defined shared dir

Reported by: Louis van Breda Owned by:
Priority: normal Component: FileZilla Server
Keywords: Cc: Latest
Component version: Operating system type: Windows
Operating system version: Window7 64 bit

Description

Hello,

I noticed a severe security leak this morning. When you define shared folders for a user eg.:

  • W:\MyFTP\jan

and add another shared folder e.a.

  • W:\MyHomePage\Blog\jan\wp-content\uploads

Then filezilla server gives "jan access to:

  • W:\MyFTP\jan and

W:\MyHomePage\Blog\jan (ignoring the rest of the path)

Very sevire IMHO

Louis

Change History (1)

comment:1 by Louis van Breda, 9 years ago

Priority: criticalnormal
Resolution: fixed
Status: newclosed

Hello,

Sorry, the bug does not exist. I was (and still are) confused about the server site directorys as shown in the client.

They dot not appear the way I would expect:
/
/pathalias_1/
/pathalias_2/

etc.

So I mixed up the FTP root dir and the extra share because im my case they have the same structure.

Sorry

Note: See TracTickets for help on using tickets.