Search found 3 matches

by FrozT2
2011-10-19 16:05
Forum: FileZilla Server Support
Topic: Filezilla Vulnerability
Replies: 7
Views: 5601

Re: Filezilla Vulnerability

Generally, when performing a penetration test on production systems, we turn off the check box that would perform an actual attack, as a courtesy to our clients. We don't actually want to destroy anything, just find the holes and plug them... We can assume that FileZilla uses the same input buffer bef...

by FrozT2
2011-10-18 20:51
Forum: FileZilla Server Support
Topic: Filezilla Vulnerability
Replies: 7
Views: 5601

Re: Filezilla Vulnerability

Plugin Output Nessus sent the following two commands in a single packet : AUTH TLS\r\nFEAT\r\n And the server sent the following two responses : 234 Using authentication type TLS 211-Features: MDTM REST STREAM SIZE MODE Z MLST type*;size*;modify*; MLSD AUTH SSL AUTH TLS UTF8 CLNT MFMT 211 End Descri...

by FrozT2
2011-10-17 16:10
Forum: FileZilla Server Support
Topic: Filezilla Vulnerability
Replies: 7
Views: 5601

Filezilla Vulnerability

I was performing a penetration test using Nessus on a client with a FileZilla server and I got the following medium-severity event: FTP Service AUTH TLS Plaintext Command Injection. I instructed my client to upgrade their FileZilla server to the latest version and he did so. I then re-ran the test and ...