CVE-2019-10009

MEDIUM

Titan FTP Server 2019 Build 3505 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-10009. PoCs published by Kevin Randall, KevinRandall1337.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Titan FTP Server 2019 Build 3505 via the PreviewHandler.ashx endpoint, allowing authenticated users to read arbitrary files outside the root directory using path traversal techniques.

Description

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.

Exploits (2)

exploitdb WORKING POC

by Kevin Randall · textwebappswindows

https://www.exploit-db.com/exploits/46611

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Titan FTP Server 2019 Build 3505 via the PreviewHandler.ashx endpoint, allowing authenticated users to read arbitrary files outside the root directory using path traversal techniques.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Titan FTP Server Version 2019 Build 3505

Auth required

Prerequisites: Authenticated access to Titan FTP Web GUI · BurpSuite or similar intercepting proxy

MITRE ATT&CK