Home / os / winmobile

PHPWebFTP 3.3b Cross Site Scripting

Posted on 14 May 2016

PHPWebFTP ver 3.3b - xss vulnerability , by N_A. N_A [at] tutanota.com Vendor has notified Description ---------------- phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection from your web server to the FTP server and transferring the files to your web client over the http protocol Vulnerability ------------- PHPWebFTP ver 3.3b allows malicious code injection due to some variables we can control. This allows an attacker to inject malicious code to carry out XSS attacks upon the program. ----snip , index.php----     $server=$_SESSION['server'];     $user=$_SESSION['user'];     $password=$_SESSION['password'];     $language=$_SESSION['language'];     $port=$_SESSION['port'];     $passive=$_SESSION['passive']; ----snip , index.php---- further down in the code, the variables are passed without any security/filtering checks: ----snip, index.php----     $ftp = new ftp($server, $port, $user, $password, $passive);     $ftp->setMode($mode);     $ftp->setCurrentDir($currentDir); ----snip, index.php---- Code injected into the [server] field: <script>alert('executed');</script> This is also possible for the [username],[port] and [field] options. N_A [at] tutanota.com -- Securely sent with Tutanota. Claim your encrypted mailbox today! https://tutanota.com

 

TOP