Wing FTP Server 6.3.8 - Remote Code Execution

Recently, an authenticated RCE vulnerability was found in Wing FTP Server. It allows authenticated remote attackers to execute arbitrary commands on the targeted server. On Shodan, we observed more than 150 devices that are publicly reachable on the internet and may be vulnerable.

Wing FTP Server is an easy-to-use, powerful, and free FTP server for Windows, Linux, Mac OS, and Solaris. It supports multiple file transfer protocols, including FTP, FTPS, HTTP, HTTPS, and SFTP, giving clients flexibility in how they connect to the server. It also provides admins with a web-based interface to administer the server from anywhere, and lets them monitor server performance and online sessions and receive email notifications about events taking place on the server.

Multiple vulnerabilities were found in Wing FTP Server 6.3.8. This PoC explains how they combine to give Remote Code Execution on version 6.3.8.

Admin credentials in the HTTP request: when an admin logs in to the Wing FTP Server remote management panel, the credentials are transmitted in clear text, as shown in the image below:

[Image: admin login request to the management panel with the credentials visible in clear text]

Unprotected storage of admin credentials: a file named admins.xml contains the admin username and an MD5-hashed password. It is located at C:\Program Files\Wing FTP Server\Data\_ADMINISTRATOR. Because the hash is an unsalted MD5 digest, it can easily be converted back to plain text with an online lookup service.

Lua console: the Wing FTP Server console is written in Lua. For authenticated users, this console can be exploited to obtain a reverse shell through the os.execute() function, which is native to Lua.
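As an added defensive example, not part of the original advisory, the following script audits an admins.xml file for the weakness described above: admin accounts whose stored secret is a bare, unsalted MD5 digest, plus a check that the file is not readable by every local user. The element and attribute names (`<admins><admin name= password=>`) are an assumed, simplified layout, since the page does not show the real schema; adapt the selectors to the actual file.

```python
# Added audit helper (not Wing FTP's own code). Assumes a simplified admins.xml
# layout of <admins><admin name="..." password="..."/></admins>; the real
# schema is not given on the page and must be checked against a live file.
import hashlib
import os
import re
import stat
import xml.etree.ElementTree as ET

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")  # a bare MD5 digest is 32 hex chars


def find_unsalted_md5_admins(xml_text: str) -> list:
    """Return the names of admin accounts whose stored secret looks like
    an unsalted MD5 digest (the weak storage format the advisory describes)."""
    root = ET.fromstring(xml_text)
    flagged = []
    for admin in root.iter("admin"):
        name = admin.get("name", "")
        # support either an attribute or a child element for the secret
        secret = admin.get("password") or (admin.findtext("password") or "")
        if MD5_HEX.match(secret.strip()):
            flagged.append(name)
    return flagged


def is_world_readable(path: str) -> bool:
    """True if 'other' users can read the file (POSIX mode bits only; on
    Windows the ACL on the Data\\_ADMINISTRATOR folder must be reviewed instead)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_admins_file(path: str) -> dict:
    """Combine both checks for a file on disk."""
    with open(path, encoding="utf-8") as fh:
        xml_text = fh.read()
    return {
        "unsalted_md5_accounts": find_unsalted_md5_admins(xml_text),
        "world_readable": is_world_readable(path),
    }


# Constructed sample in the assumed layout: 'admin' stores an MD5 digest of a
# constructed value, 'ops' stores a bcrypt-style string for contrast.
_SAMPLE_DIGEST = hashlib.md5(b"constructed-sample-value").hexdigest()
SAMPLE_ADMINS_XML = f"""<admins>
  <admin name="admin" password="{_SAMPLE_DIGEST}"/>
  <admin name="ops" password="$2b$12$constructedbcryptstyle"/>
</admins>"""

if __name__ == "__main__":
    print(find_unsalted_md5_admins(SAMPLE_ADMINS_XML))  # ['admin']
```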