In order to facilitate members or members to upload movies or exchange files, many movie websites, forums or other institutions allow users to upload files, because only if this permission is allowed, users can upload files, but this permission is limited to FTP servers that allow breakpoint re-uploading. , can cause big problems.
FTP server programs that allow retransmission after breakpoints must support a "Rest" command. If this command is used before the upload command (send command), it tells the FTP server that the file I want to upload will exist from the FTP server. Where to start writing in that file.
example:
Suppose there is a file Readme.txt in the ftp server. The file size is 1000 bytes. Connect to this ftp server (assuming I have write permissions. The ftp server supports breakpoint retransmission). I also have a file called Readme.txt locally. file, the file size is 500 bytes. Okay, I started doing bad things.
1. Connect to this ftp server (use the ftp://ftp.exe/ that comes with the system. It may not be available on the intranet because ftp://ftp.exe/ uses port mode)
2. dir (check the size of Readme.txt and confirm it is 1000 bytes)
3. quote rest 1000 (tell the ftp server that the file I want to transfer starts from file position 1000)
4. send Readme.txt
5. dir (check the size of Readme.txt again, now Readme.txt has become 1500 bytes)
Why does Readme.txt become larger? It's simple, because the 500 bytes of my local Readme.txt was successfully uploaded and written to the 1000 bytes Readme.txt file that exists in the ftp server. The problem is with the second command. Without the second command, my fourth command (Send Readme.txt) will get a Permission Deny error. The second command is to let the ftp server trust what we are about to do. If there is no second command for a breakpoint and retransmission operation, the ftp server will think that we are performing an operation of overwriting the original file (the operation of overwriting the original file requires additional permissions).
Having said this, everyone should understand the meaning of the topic. With a very simple operation, any user with write permissions can modify files uploaded by other users. This alone creates a huge security vulnerability. If the uploaded file is an important file, random modifications can completely destroy the file; if it is an executable file or some zip or rar files, will some genius lunatic who is familiar with various file structures add some malicious code to those files? files, causing the executor's system to be damaged or execute their backdoor code or other things. Since I am not familiar with the structure of these files, I only say that this is an unknown number.
But in the computer world, many impossible things are finally made possible, so I can't make a final conclusion. But just the fact that it can damage the file is already very destructive. Think about a 500M movie and television file. If someone adds extra bytes to it, it will probably no longer be able to be viewed. The programs that play these files are generally They will all say that they are not legal video files and cannot be played, etc. As for zip, rar and other files, winzip or winrar will definitely say that the compressed file has been damaged, the crc check code is incorrect, etc.
This problem only exists in FTP services that allow retransmission after breakpoints, but now 90% of FTP service programs allow retransmission after breakpoints, so this problem will exist in common FTP servers.
Prevention methods:
If you must give users upload permissions, the best way to prevent it is to create a directory for each user and completely lock that user's permissions in this directory. Then the user will not have permission to view other users' directories. This means that it cannot cause the damage mentioned above.
The above mentioned has been tested in Serv-U V4.0, and the test platform is Win 2K Server. If other ftp service programs do not have this problem, it is beyond the scope of this article. Nowadays, when setting up ftp servers in Windows systems, Serv-U is the most commonly used and popular one, so administrators should pay more attention. This article is not to teach people to do bad things. If you use this method to destroy the files on the ftp server, the only person responsible is you. To quote a sentence from Gu Long's novel: "There is nothing wrong with the knife itself, but the hand holding it is wrong."