what you don't know can hurt you

Cerberus FTP Server Cross Site Scripting

Cerberus FTP Server Cross Site Scripting
Posted Dec 19, 2012
Authored by catatonicprime

Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.

tags | advisory, web, xss
advisories | CVE-2012-6339
MD5 | 9da50fabf2ed4db1efb87ac182ea7445

Cerberus FTP Server Cross Site Scripting

Change Mirror Download
Overview
===============
Cerberus FTP Server (http://www.cerberusftp.com/) is a secure and
reliable FTP server with many features and available functionality.

It was discovered that the Web Administration interface has multiple
persistent Cross Site Scripting (XSS) vulnerabilities. In the log
viewer there is a XSS vulnerability which may be used by an
unauthenticated user against an authenticated user. In the server
manager a trivial XSS vulnerability exists which may be used by the
authenticated user.

Analysis
===============
To start, the vulnerabilities in the on the "/servermanger" page is
trivial to exploit by escaping the "<textarea>" tags for each
available server message.

The "/log" is less trivial to exploit in that the log page uses
async-javascript callbacks to collect and display log data to the
user. The log clears itself in 2-3 seconds as well. This occurs
normally on an 8 second cycle and I in my experience it was difficult
to have the log populated with appropriate attack vectors during a
window to achieve exploitation.

I believe an administrative user would have to be logged in at the
time of the attack and actively viewing the "/log" page to achieve
successful exploitation. Due to these limitations I believe this to
have a significant effect on the impact and reliability on any
possible exploit code.

For more discussion on these bugs I've created a brief write-up at:
http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html

Timeline
===============

12/05/2012 - Discovered multiple bugs in product vendor's application
12/06/2012 - Disclosure of details to product vendor
12/07/2012 - Vendor created fixes for reported bugs
12/13/2012 - CVE Assignment
12/19/2012 - Public disclosure to Bugtraq

CVE(s)
===============

CVE-2012-6339: Multiple XSS vulnerabilities in Cerberus FTP Web
Administration interface. Affected pages are "/log" and
"/servermanager".

Remediation
===============

Update to the latest version of Cerberus FTP Server.

Special Thanks
===============
Special Thanks to Grant @ Cerberus for his incredible response time
and dedication to secure coding principles.

For more information concerning myself or my research:
sadgeeksinsnow.blogspot.com

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close