|
Hello,
I'm using wget with a simple perl script to browse
some FTP directories (I don't want to use Net::FTP).
Actually, I figure out that this function
(ftp_get_listings) on ftp.c always saves the listing
file on .listings which I think could be some kind of vulnerability since anyone
can symlink .listings to /etc/passwd for example. Then, when root runs wget on
someone else's directory, the .listings would be overritten.
I couldn't find an option to define another file
name of .listings.
see you
Daniel Lafraia
|
- Re: ftp.c : ftp_get_listings() Daniel Lafraia
- Re: ftp.c : ftp_get_listings() Dan Harkless
