Opened 14 years ago
Closed 14 years ago
#7328 closed Bug report (fixed)
Filezilla server allows access to directorys above the defined shared dir
| Reported by: | Louis van Breda | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Server |
| Keywords: | Cc: | Latest | |
| Component version: | Operating system type: | Windows | |
| Operating system version: | Window7 64 bit |
Description
Hello,
I noticed a severe security leak this morning. When you define shared folders for a user eg.:
- W:\MyFTP\jan
and add another shared folder e.a.
- W:\MyHomePage\Blog\jan\wp-content\uploads
Then filezilla server gives "jan access to:
- W:\MyFTP\jan and
W:\MyHomePage\Blog\jan (ignoring the rest of the path)
Very sevire IMHO
Louis
Change History (1)
comment:1 by , 14 years ago
| Priority: | critical → normal |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Hello,
Sorry, the bug does not exist. I was (and still are) confused about the server site directorys as shown in the client.
They dot not appear the way I would expect:
/
/pathalias_1/
/pathalias_2/
etc.
So I mixed up the FTP root dir and the extra share because im my case they have the same structure.
Sorry