EIP-2026-118329

PRE-CVE

BolinTech DreamFTP Server 1.02 - 'users.dat' Arbitrary File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118329. PoCs published by Cyber-Zone.

AI-analyzed exploit summary This Perl script exploits an arbitrary file disclosure vulnerability in Dream FTP Server 1.02 by fetching the 'users.dat' file, which contains user credentials. It uses FTP commands to navigate directories and retrieve the file via a passive mode connection.

Description

BolinTech DreamFTP Server 1.02 - 'users.dat' Arbitrary File Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cyber-Zone · perlremotewindows

https://www.exploit-db.com/exploits/8525

View Code ZIP pw:eip

This Perl script exploits an arbitrary file disclosure vulnerability in Dream FTP Server 1.02 by fetching the 'users.dat' file, which contains user credentials. It uses FTP commands to navigate directories and retrieve the file via a passive mode connection.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Dream FTP Server 1.02

No auth needed

Prerequisites: Network access to the FTP server · FTP server running on a known port

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026