exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Cerberus FTP Server Cross Site Scripting

Cerberus FTP Server Cross Site Scripting
Posted Dec 19, 2012
Authored by catatonicprime

Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.

tags | advisory, web, xss
advisories | CVE-2012-6339
SHA-256 | 6b28cd4efe0efed16181b5e08b92d87bf9d077078b76c02a2852907b2bcbb029

Cerberus FTP Server Cross Site Scripting

Change Mirror Download
Overview
===============
Cerberus FTP Server (http://www.cerberusftp.com/) is a secure and
reliable FTP server with many features and available functionality.

It was discovered that the Web Administration interface has multiple
persistent Cross Site Scripting (XSS) vulnerabilities. In the log
viewer there is a XSS vulnerability which may be used by an
unauthenticated user against an authenticated user. In the server
manager a trivial XSS vulnerability exists which may be used by the
authenticated user.

Analysis
===============
To start, the vulnerabilities in the on the "/servermanger" page is
trivial to exploit by escaping the "<textarea>" tags for each
available server message.

The "/log" is less trivial to exploit in that the log page uses
async-javascript callbacks to collect and display log data to the
user. The log clears itself in 2-3 seconds as well. This occurs
normally on an 8 second cycle and I in my experience it was difficult
to have the log populated with appropriate attack vectors during a
window to achieve exploitation.

I believe an administrative user would have to be logged in at the
time of the attack and actively viewing the "/log" page to achieve
successful exploitation. Due to these limitations I believe this to
have a significant effect on the impact and reliability on any
possible exploit code.

For more discussion on these bugs I've created a brief write-up at:
http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html

Timeline
===============

12/05/2012 - Discovered multiple bugs in product vendor's application
12/06/2012 - Disclosure of details to product vendor
12/07/2012 - Vendor created fixes for reported bugs
12/13/2012 - CVE Assignment
12/19/2012 - Public disclosure to Bugtraq

CVE(s)
===============

CVE-2012-6339: Multiple XSS vulnerabilities in Cerberus FTP Web
Administration interface. Affected pages are "/log" and
"/servermanager".

Remediation
===============

Update to the latest version of Cerberus FTP Server.

Special Thanks
===============
Special Thanks to Grant @ Cerberus for his incredible response time
and dedication to secure coding principles.

For more information concerning myself or my research:
sadgeeksinsnow.blogspot.com
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close