← Back to context

Comment by acqq

11 years ago

You mean this: http://en.wikipedia.org/wiki/File_eXchange_Protocol ? So what's about

"Enabling FXP support can make a server vulnerable to an exploit known as FTP bounce. As a result of this, FTP server software often has FXP disabled by default."

1 comment

acqq

Reply
peterwwillis  11 years ago

That's.... dumb. It's not a vulnerability, it's a feature. The entire point of using FXP is to connect one server to another remote server. With FTP it was a "vulnerability" because people didn't expect users to send files or connect to random hosts, but with FXP it's the whole point of the protocol. (FTP bounce attacks have also been a solved issue for decades)