Questions tagged «attack-vector»

3
对包含空格的目录进行FTP目录遍历攻击
我在封闭的参考环境中进行了受制裁的笔试,并且在看似简单的问题上挣扎,我目前无法解决。 尝试对运行在MS Windows OS上的易受攻击的Fermitter FTP服务器执行目录遍历攻击时,可以在系统根目录上执行LIST(地址和内容列表更改为仅供参考): # ftp 192.168.13.22 Connected to 192.168.13.22. 220 Femitter FTP Server ready. Name (192.168.13.22:root): 331 Password required for root. Password: 230 User root logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ../../../../ 200 Port command successful. 150 Opening data …
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.