Recently, an authenticated RCE vulnerability was found in the Wing FTP Server. This vulnerability allows authenticated remote attackers to execute arbitrary commands on the targeted server. On Shodan, we observed more than 150 devices that are publicly available on the internet, which may be vulnerable.

The following vulnerabilities were found in Wing FTP Server:

Admin Credentials on HTTP Request: When an admin logs in to the Wing FTP Server, the credentials are sent in plain text.

A file named admins.xml contains the username and MD5 hashed password. This file can be found in the C:\Program Files\Wing FTP Server\Data\_ADMINISTRATOR location. This hashed password can easily be converted into plain text using an online decrypter.

Wing FTP Server console is written in the Lua language. For authenticated users, this console can be exploited to obtain a reverse shell using the os.execute() function, which is native to Lua.

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to adminluascript.html or (2) add a domain administrator via a crafted request to adminaddadmin.html.

Multiple Protocols Support: FTP, FTPS, SFTP, and HTTP/HTTPS. Free Edition: After the trial period, you can continue using it as a Free edition for non-commercial use. Free client FTP Rush for FTP/SFTP file transfer.