Tuesday, 07 August 2007

Exploiting FTP clients using PASV command

Finally, I am back home in Singapore again. I am so happy and my mood is starting to brighten again. I was researching web security and I came across Wade Alcorn's website. He found out that it was possible to launch a reverse shell and own an Asterisk server using inter-protocol exploitation. Also, check out BeEF, which is a Metasploit-style framework for web applications. Lastly, do check out the FTP PASV command manipulation, which allows FTP servers to cause vulnerable FTP clients to connect to other hosts.

"The paper discusses the FTP client flaw in detail and demonstrates how it can be used to attack common web browsers such as Konqueror, Opera and Firefox. Proof of concept code is presented that extends existing JavaScript port-scanning techniques to scan any TCP port from Firefox (even though it now implements 'port banning' restrictions)."

http://www.bindshell.net/papers/ftppasv

The Hacka Man
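
As an added example (not from this post or the linked paper), here is the client-side check that closes the PASV redirection issue described above: parse the server's 227 reply and refuse, or override, any data-channel address that differs from the control connection's peer. The function names and sample replies are constructed for illustration.

```python
import ipaddress
import re

# Six-number tuple h1,h2,h3,h4,p1,p2 carried in a 227 reply (RFC 959).
_TUPLE = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed sample replies; addresses are documentation/private ranges.
HONEST_REPLY = "227 Entering Passive Mode (192,0,2,10,19,137)."
REDIRECT_REPLY = "227 Entering Passive Mode (10,0,0,5,0,22)."


class PasvError(ValueError):
    """The 227 reply is malformed or names a host other than the server."""


def parse_pasv_reply(line):
    """Return the (host, port) a 227 reply advertises for the data channel."""
    if not line.startswith("227"):
        raise PasvError("not a 227 reply")
    match = _TUPLE.search(line[3:])
    if match is None:
        raise PasvError("no h1,h2,h3,h4,p1,p2 tuple in reply")
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise PasvError("field out of range")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise PasvError("port 0 is not connectable")
    return ".".join(map(str, nums[:4])), port


def safe_data_endpoint(reply, control_peer_ip, strict=True):
    """Pick the data-connection target without trusting the advertised host.

    control_peer_ip is the address the control socket is connected to
    (what getpeername() returns). strict=True rejects a mismatching reply;
    strict=False keeps the port but substitutes the control peer address.
    """
    host, port = parse_pasv_reply(reply)
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer_ip):
        if strict:
            raise PasvError(f"server advertised {host}, expected {control_peer_ip}")
        host = control_peer_ip
    return host, port


if __name__ == "__main__":
    print(safe_data_endpoint(HONEST_REPLY, "192.0.2.10"))
    print(safe_data_endpoint(REDIRECT_REPLY, "192.0.2.10", strict=False))
```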
