I don't know if it's specific to my server, FileZilla, but I found something that could be a HUGE security flaw: you can be connected to the passive mode port from a totally different IP. And, when the RETR command is issued to retrieve a file, the file simply gets transferred to the other computer attached to the port. I was simply messing around with Ncat from the Nmap project when I came upon this thought. So I got my friend (whom I was chatting with) to run it and connect, and what do you know, it simply transferred all the data there. Is this already known, and is it really much to worry about?
#1
Posted 10 November 2011 - 06:45 PM
Latinamne loqueris?
#2
Posted 10 November 2011 - 11:08 PM
It is hard to understand exactly what you are describing.
When you enter the RETR command on a file, it somehow transfers to whatever local folder they have open? The other way around?
It appears that you are saying their RETR command retrieves a file to their system, which is to be expected.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
#3
Posted 11 November 2011 - 11:30 AM
This is what I meant originally:
Let's say there are three computers involved: a client, a server, and a malicious user. The client connects to port 21 for FTP on the server. When the client issues the PASV command, the malicious user connects to one of the passive ports on the server (the only problem is determining which port). When the client issues the RETR command, because the malicious user is connected to the data port instead of the regular client, the malicious user receives the file.
I now see why this isn't really an issue, because unless a client is very poorly designed, it wouldn't issue the RETR command without being able to connect to the data port :D Sorry, I was kinda tired when I asked the question.
Latinamne loqueris?
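Added example (not part of the thread, and not FileZilla Server's code): one server-side check against the three-computer scenario in post #3 is to accept a passive-mode data connection only from the address that owns the control connection. The names `accept_data_connection`, `ScriptedListener` and `FakeConn` are hypothetical, and the peers are constructed addresses from the documentation ranges so the sketch runs offline.

```python
import ipaddress

def _norm(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 scope id
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def accept_data_connection(listener, control_peer_ip, max_foreign=5):
    """Accept on the PASV listener until the control-channel peer connects.

    Returns (conn, rejected): the accepted connection and the foreign peers
    that were dropped first. Raises ConnectionError after max_foreign drops,
    so the transfer fails instead of going to another host.
    """
    expected, rejected = _norm(control_peer_ip), []
    while len(rejected) < max_foreign:
        conn, peer = listener.accept()
        if _norm(peer[0]) == expected:
            return conn, rejected
        conn.close()            # foreign host: drop it, keep waiting
        rejected.append(peer)   # worth logging: another host reached the data port
    raise ConnectionError("data port: too many connections from foreign hosts")

# --- constructed stand-ins so the example runs offline ---
class FakeConn:
    def __init__(self):
        self.closed = False
    def close(self):
        self.closed = True

class ScriptedListener:
    """Replays a fixed list of peer IPs as if they had connected in order."""
    def __init__(self, peer_ips):
        self.conns = [(FakeConn(), (ip, 40000 + i)) for i, ip in enumerate(peer_ips)]
        self.accepted = []
    def accept(self):
        pair = self.conns.pop(0)
        self.accepted.append(pair)
        return pair

if __name__ == "__main__":
    # Constructed case: 203.0.113.9 reaches the port before the real client does.
    lst = ScriptedListener(["203.0.113.9", "::ffff:198.51.100.7"])
    conn, rejected = accept_data_connection(lst, "198.51.100.7")
    print("accepted peer matches control channel; dropped:", rejected)
```

An address comparison does not separate hosts that share one public address behind NAT, and it does nothing for confidentiality on the wire; FTP over TLS with the data connection tied to the control connection's TLS session covers both.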