#!usr/bin/perl -w
###
# XM Easy Personal FTP Server 5.x allows remote attackers to cause a denial
of service
# via a "HELP" or "TYPE" command with an overly long argument.
# Refer:
#
Greetings All,
I am trying to reproduce the issue, but php is reporting some error:
like fail to open lang/../../../../../../../../../../etc/passwd%00;
path=//lang.php.
vulnerable code is:
include("lang/".$_SESSION['language']."/lang.php");
exploit is: ../../../../../../../../../../etc/passwd
Hi Gavin even with the manager previleges it is possible to exploit this issue.