Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-1002. PoCs published by Pedro Viuales & Rom Ramirez.
AI-analyzed exploit summary This exploit demonstrates an arbitrary file disclosure vulnerability in LOG-FT by crafting HTTP GET requests with manipulated parameters to read sensitive files like win.ini or /etc/passwd. The issue stems from improper access validation in the logwebftbs2000.exe CGI script.
Description
logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters.
Exploits (1)
This exploit demonstrates an arbitrary file disclosure vulnerability in LOG-FT by crafting HTTP GET requests with manipulated parameters to read sensitive files like win.ini or /etc/passwd. The issue stems from improper access validation in the logwebftbs2000.exe CGI script.