CVE-2008-5692

Ipswitch WS_FTP Server Manager <6.1.1 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5692. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes an authentication-bypass and information-disclosure vulnerability in WS_FTP Server Manager 6.1.0.0. It references a URL path that could be exploited but does not include functional exploit code.

Description

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textwebappsasp

https://www.exploit-db.com/exploits/31117

View Code ZIP pw:eip

The provided text describes an authentication-bypass and information-disclosure vulnerability in WS_FTP Server Manager 6.1.0.0. It references a URL path that could be exploited but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: WS_FTP Server Manager 6.1.0.0

No auth needed

Prerequisites: Network access to the target server · WS_FTP Server Manager 6.1.0.0 or prior versions

MITRE ATT&CK