CVE-2009-4800
Sysax Multi Server 4.3 and 4.5 - Authenticated Path Traversal via DELE Command
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4800. PoCs published by Jonathan Salwan.
AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Sysax Multi Server v4.3 via malformed FTP DELE commands, allowing arbitrary file deletion. It authenticates with provided credentials and sends a crafted DELE request with '..//' sequences to escape the FTP root.
Description
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.