Problems with the Write Access permission in the FTP service

Source: Internet
Author: WinEggDrop

Many movie sites, forums and other organizations grant their members Write access to an FTP server so that they can upload movies or exchange files, because only this permission allows a user to upload. On an FTP server that allows resumable uploads, however, this one permission can cause a major problem.

Every FTP server program that supports resumable uploads must implement the REST command. When it is issued before the upload command (the `send` command in ftp.exe), it tells the FTP server at which byte offset of the file that already exists on the server the data I am about to upload should be written.

Example:
Assume that a file readme.txt of 1000 bytes exists on the FTP server, and that I have a readme.txt of 500 bytes on my own machine. OK, now I start doing something bad:
1. Connect to the FTP server (using the system's ftp.exe; this works on an intranet, since ftp.exe uses port mode)
2. dir (check the size of readme.txt; confirmed to be 1000 bytes)
3. quote rest 1000 (tell the FTP server that the file I am about to transfer starts at file offset 1000)
4. send readme.txt
5. dir (readme.txt is now 1500 bytes)

Why did readme.txt grow? Very simply, because the 500-byte readme.txt from my notebook was uploaded successfully and written onto the end of the 1000-byte readme.txt that already exists on the FTP server. The problem lies in the `quote rest` command (step 3). Without it, my fourth command (send readme.txt) would get a Permission Denied error; the rest command makes the FTP server trust that we are resuming an interrupted upload. Without it, the FTP server assumes we are overwriting the original file, and overwriting an existing file requires an additional permission.
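The exchange in steps 2 to 5, replayed against a small in-memory model of an FTP server, as an added example that is not part of the original article and not Serv-U's code. The model has two policies: the vulnerable one trusts a non-zero REST offset as "resuming my own upload" and skips the overwrite check, so the member's 500 bytes land on the end of the 1000-byte file; the hardened one treats any write into an existing file as a modification that needs the overwrite permission. The permission names `write` and `overwrite`, and the use of SIZE instead of `dir` to read the file length, are assumptions of this model.

```python
"""Constructed simulation (added example, not Serv-U code) of the REST + STOR
append problem. An in-memory server holds a 1000-byte readme.txt; a member
with upload-only permission holds a 500-byte readme.txt. The permission names
("write", "overwrite") and the SIZE lookup in place of dir are assumptions."""

from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Session:
    user: str
    perms: Set[str]        # "write" = may create files, "overwrite" = may modify existing ones
    rest_offset: int = 0   # set by REST, consumed by the next STOR


@dataclass
class Server:
    files: Dict[str, bytes] = field(default_factory=dict)
    hardened: bool = False
    log: List[str] = field(default_factory=list)

    def handle(self, s: Session, line: str, data: bytes = b"") -> str:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "SIZE":
            if arg not in self.files:
                return "550 No such file"
            return f"213 {len(self.files[arg])}"
        if verb == "REST":
            s.rest_offset = int(arg)
            return f"350 Restarting at {arg}. Send STOR to continue"
        if verb == "STOR":
            offset, s.rest_offset = s.rest_offset, 0   # REST applies to one transfer only
            reply = self._store(s, arg, data, offset)
            self.log.append(f"{s.user} STOR {arg} rest={offset} -> {reply[:3]}")
            return reply
        return "502 Command not implemented"

    def _store(self, s: Session, name: str, data: bytes, offset: int) -> str:
        if "write" not in s.perms:
            return "550 Permission denied"
        if name in self.files and "overwrite" not in s.perms:
            # Vulnerable behaviour: a non-zero REST is trusted as "resuming my own
            # upload" and the overwrite check is skipped. Hardened behaviour:
            # writing into an existing file is a modification whatever REST said.
            if self.hardened or offset == 0:
                return "550 Permission denied"
        current = self.files.get(name, b"")
        # Write from the REST offset; pad with NULs if the offset is past EOF.
        current = current[:offset].ljust(offset, b"\0")
        self.files[name] = current + data
        return "226 Transfer complete"


def run_scenario(hardened: bool, use_rest: bool = True) -> Tuple[str, int]:
    """Replay steps 2-5 of the article and return (STOR reply, final file size)."""
    srv = Server(files={"readme.txt": b"A" * 1000}, hardened=hardened)
    member = Session(user="member", perms={"write"})   # upload-only account
    local_copy = b"B" * 500                            # the client's own readme.txt
    size = int(srv.handle(member, "SIZE readme.txt").split()[1])   # step 2
    if use_rest:
        srv.handle(member, f"REST {size}")                          # step 3
    reply = srv.handle(member, "STOR readme.txt", local_copy)       # step 4
    return reply, len(srv.files["readme.txt"])                      # step 5


if __name__ == "__main__":
    print(run_scenario(hardened=False))                  # ('226 Transfer complete', 1500)
    print(run_scenario(hardened=True))                   # ('550 Permission denied', 1000)
    print(run_scenario(hardened=False, use_rest=False))  # ('550 Permission denied', 1000)
```

The `log` list records every STOR together with the REST offset it carried and the reply code; on a real server that pairing (a non-zero REST from an account that holds no overwrite permission, followed by a STOR that succeeds on a file it did not create) is the event an administrator would want to see in the transfer log.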

By now you should understand the point. With a few simple operations, any user with write permission can change files uploaded by other users, which is a serious security vulnerability. If an important file has been uploaded, arbitrary modification can destroy it completely. If it is an executable, or a zip or rar file, could some genius familiar with these file formats add malicious code to them so that the person who runs them has their system damaged, executes a backdoor, or worse? Since I am not familiar with the structure of these files I can only say that this is an unknown; but in the computer world many impossible things have eventually been made possible, so I cannot draw a conclusion. Simply destroying a file, however, is very easy. If someone appends a few extra bytes to a multi-megabyte video file, it will most likely never play again: the programs that play these files generally report that it is not a valid video file and refuse to play it. As for zip and rar files? WinZip or WinRAR will certainly say that the archive is damaged and the CRC check is wrong!
This problem only exists in FTP services that allow resumable transfers, but today 90% of FTP server programs allow them, so the problem is common among FTP servers. If this problem has already been discovered and published online, I may be suspected of plagiarism; forgive my ignorance, because I have not seen any article about it on the Internet.

Defense methods:
If you must grant upload permission to users, the best precaution is to create a separate directory for each user and lock that user's permissions entirely to that directory, so that the user cannot even view the directories of other users; then the damage described above cannot be done. This is the simplest and most convenient solution I have come up with; if you have an idea for a more effective solution, I would be happy to discuss it with you.
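One way to implement the per-user directory lockdown described above, as an added example that is not Serv-U's implementation or configuration. Each user gets a home directory under a common root, every path the client sends is resolved relative to that home, and any request that would land outside it (another member's directory, `..` segments, a leading slash followed by `..`) is refused, so the append trick cannot reach other users' files. The class name `UserJail`, the user names and the request list are constructed for this example; the temporary root directory is created only so the example runs offline.

```python
"""Per-user directory confinement for an upload service: an added example,
not Serv-U's implementation. Every path a user sends is resolved inside that
user's own home directory, and a request that escapes the home is refused."""

import os
import tempfile
from typing import Dict, Optional


class UserJail:
    def __init__(self, root: str):
        # Canonical root so that symlinked temp directories compare correctly.
        self.root = os.path.realpath(root)

    def home_of(self, user: str) -> str:
        home = os.path.join(self.root, user)
        os.makedirs(home, exist_ok=True)
        return home

    def resolve(self, user: str, client_path: str) -> Optional[str]:
        """Return the real filesystem path for the request, or None if it escapes
        the user's home. A leading slash means the root of the user's own view,
        as a chrooted FTP server would present it."""
        home = self.home_of(user)
        relative = client_path.lstrip("/\\")
        candidate = os.path.realpath(os.path.join(home, relative))
        if candidate == home or candidate.startswith(home + os.sep):
            return candidate
        return None


# Constructed requests from user "alice"; "bob" is another member on the same server.
REQUESTS = [
    "readme.txt",
    "movies/clip.avi",
    "/readme.txt",
    "../bob/readme.txt",
    "/../bob/readme.txt",
    "../../server.conf",
]


def demo() -> Dict[str, bool]:
    """Map each request to whether the jail allows it (True) or refuses it (False)."""
    jail = UserJail(tempfile.mkdtemp(prefix="ftp-jail-"))
    jail.home_of("bob")    # bob's directory exists but must stay out of alice's reach
    return {p: jail.resolve("alice", p) is not None for p in REQUESTS}


if __name__ == "__main__":
    for path, allowed in demo().items():
        print(f"{'allow' if allowed else 'deny':5} {path}")
```

The check is done on the canonical path (`os.path.realpath`) rather than on the string the client sent, so `..` segments and symlinks are resolved before the prefix comparison; comparing against `home + os.sep` also stops a sibling directory whose name merely starts with the user's name (for example `alice2`) from being accepted.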

The above has been tested on Serv-U V4.0 with Windows 2000 Server as the test platform. Whether other FTP server programs have this problem is not discussed in this article. On Windows the most popular FTP server is Serv-U, so administrators should pay particular attention to it. This article is not meant to teach people to do bad things; if you use this method to destroy files on an FTP server, the only person responsible is you. To quote Gu Long: "There is nothing wrong with the knife itself; the fault lies with the hand that wields it."
