exploit the possibilities

Cerberus FTP Server Cross Site Scripting

Cerberus FTP Server Cross Site Scripting
Posted Dec 19, 2012
Authored by catatonicprime

Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.

tags | advisory, web, xss
advisories | CVE-2012-6339
MD5 | 9da50fabf2ed4db1efb87ac182ea7445

Cerberus FTP Server Cross Site Scripting

Change Mirror Download
Overview
===============
Cerberus FTP Server (http://www.cerberusftp.com/) is a secure and
reliable FTP server with many features and available functionality.

It was discovered that the Web Administration interface has multiple
persistent Cross Site Scripting (XSS) vulnerabilities. In the log
viewer there is a XSS vulnerability which may be used by an
unauthenticated user against an authenticated user. In the server
manager a trivial XSS vulnerability exists which may be used by the
authenticated user.

Analysis
===============
To start, the vulnerabilities in the on the "/servermanger" page is
trivial to exploit by escaping the "<textarea>" tags for each
available server message.

The "/log" is less trivial to exploit in that the log page uses
async-javascript callbacks to collect and display log data to the
user. The log clears itself in 2-3 seconds as well. This occurs
normally on an 8 second cycle and I in my experience it was difficult
to have the log populated with appropriate attack vectors during a
window to achieve exploitation.

I believe an administrative user would have to be logged in at the
time of the attack and actively viewing the "/log" page to achieve
successful exploitation. Due to these limitations I believe this to
have a significant effect on the impact and reliability on any
possible exploit code.

For more discussion on these bugs I've created a brief write-up at:
http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html

Timeline
===============

12/05/2012 - Discovered multiple bugs in product vendor's application
12/06/2012 - Disclosure of details to product vendor
12/07/2012 - Vendor created fixes for reported bugs
12/13/2012 - CVE Assignment
12/19/2012 - Public disclosure to Bugtraq

CVE(s)
===============

CVE-2012-6339: Multiple XSS vulnerabilities in Cerberus FTP Web
Administration interface. Affected pages are "/log" and
"/servermanager".

Remediation
===============

Update to the latest version of Cerberus FTP Server.

Special Thanks
===============
Special Thanks to Grant @ Cerberus for his incredible response time
and dedication to secure coding principles.

For more information concerning myself or my research:
sadgeeksinsnow.blogspot.com

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close