Maksymilian Arciemowicz has published an advisory outlining how one can perform CSRF attacks against FTP services, in this case Sun Solaris 10 ftpd. An attacker could embed a payload such as the following in a web page to execute commands on ftpd.

<img src="ftp://.....////SITE%20CHMOD%20777%20FILENAME";>





The NetBSD team addressed this issue by failing on large commands. The interesting thing here is that, since CSRF tokens are not available in FTP, the developers were forced to remove functionality in order to mitigate this. Makes you wonder what other features may disappear from non-web services in the future to mitigate attacks launched from websites...
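
To make "failing on large commands" concrete, here is an added example (not NetBSD's actual patch and not code from the advisory): a command reader that rejects an over-long line outright and discards it through its newline, so that no part of it is read as a further command. It assumes the server reads commands into a fixed buffer; CMD_MAX, read_command and accepted_from_sample are names made up for this sketch, and the input stream is constructed.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512   /* assumed buffer size for this example */
enum cmd_status { CMD_EOF = 0, CMD_OK = 1, CMD_TOO_LONG = -1 };

/* Read one LF- or CRLF-terminated command from *in (an in-memory stand-in
 * for the control connection). An over-long line is rejected whole: it is
 * consumed through its newline, so its tail is never parsed as a command. */
enum cmd_status read_command(const char **in, char *out, size_t outsz)
{
    const char *p = *in;
    const char *nl;
    size_t len;

    if (*p == '\0')
        return CMD_EOF;
    nl = strchr(p, '\n');
    len = nl ? (size_t)(nl - p) : strlen(p);
    *in = nl ? nl + 1 : p + len;       /* always consume the full line */
    if (len > 0 && p[len - 1] == '\r')
        len--;                         /* strip the CR of CRLF */
    out[0] = '\0';
    if (len >= outsz)
        return CMD_TOO_LONG;           /* caller sends an error reply */
    memcpy(out, p, len);
    out[len] = '\0';
    return CMD_OK;
}

/* Run a constructed stream (one over-long padded line, then NOOP) through
 * the reader; returns the number of accepted commands, last one in `last`. */
int accepted_from_sample(char *last, size_t lastsz)
{
    static char stream[CMD_MAX + 64];
    const char *in = stream;
    char cmd[CMD_MAX];
    enum cmd_status st;
    int accepted = 0;

    memset(stream, '/', CMD_MAX + 10);
    strcpy(stream + CMD_MAX + 10, "SITE CHMOD 777 FILENAME\r\nNOOP\r\n");
    while ((st = read_command(&in, cmd, sizeof cmd)) != CMD_EOF)
        if (st == CMD_OK) {
            accepted++;
            snprintf(last, lastsz, "%s", cmd);
        }
    return accepted;
}
```

Only the legitimate NOOP that follows is accepted; the padded line, including its trailing SITE text, is dropped as a single rejected command.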

Full Advisory: http://seclists.org/bugtraq/2010/May/218