Monday, May 31, 2010

Nessus Plugin for VicFTPS Vulnerability

Wrote a Nessus Plugin to test on the VicFTPS Directory Traversal Vulnerability, that was discovered by chr1x (member of our sectester team).

This plugin will exploited the directory traversal vulnerability and return results if successful. I will be sending it to Nessus to get it added into the Plugin Feeds to be share with everyone. You can download the plugin here.

-Test with NASL Interpreter


- Added the Plugin


-Result from a scan


References:
- SecurityFocus: VicFTPS Directory Traversal Vulnerability

2 comments:

Anonymous said...

why not submit it Nessus.org ppl?

w01f said...

I did send to the Nessus support. But they claims that the development team is working on a generic Directory Traversal plugin. So far did not see any of that.

Maybe they are afraid to maintain my plugin if they add into the pool.