what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Cerberus FTP Server Cross Site Scripting

Cerberus FTP Server Cross Site Scripting
Posted Dec 19, 2012
Authored by catatonicprime

Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.

tags | advisory, web, xss
advisories | CVE-2012-6339
SHA-256 | 6b28cd4efe0efed16181b5e08b92d87bf9d077078b76c02a2852907b2bcbb029

Cerberus FTP Server Cross Site Scripting

Change Mirror Download
Overview
===============
Cerberus FTP Server (http://www.cerberusftp.com/) is a secure and
reliable FTP server with many features and available functionality.

It was discovered that the Web Administration interface has multiple
persistent Cross Site Scripting (XSS) vulnerabilities. In the log
viewer there is a XSS vulnerability which may be used by an
unauthenticated user against an authenticated user. In the server
manager a trivial XSS vulnerability exists which may be used by the
authenticated user.

Analysis
===============
To start, the vulnerabilities in the on the "/servermanger" page is
trivial to exploit by escaping the "<textarea>" tags for each
available server message.

The "/log" is less trivial to exploit in that the log page uses
async-javascript callbacks to collect and display log data to the
user. The log clears itself in 2-3 seconds as well. This occurs
normally on an 8 second cycle and I in my experience it was difficult
to have the log populated with appropriate attack vectors during a
window to achieve exploitation.

I believe an administrative user would have to be logged in at the
time of the attack and actively viewing the "/log" page to achieve
successful exploitation. Due to these limitations I believe this to
have a significant effect on the impact and reliability on any
possible exploit code.

For more discussion on these bugs I've created a brief write-up at:
http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html

Timeline
===============

12/05/2012 - Discovered multiple bugs in product vendor's application
12/06/2012 - Disclosure of details to product vendor
12/07/2012 - Vendor created fixes for reported bugs
12/13/2012 - CVE Assignment
12/19/2012 - Public disclosure to Bugtraq

CVE(s)
===============

CVE-2012-6339: Multiple XSS vulnerabilities in Cerberus FTP Web
Administration interface. Affected pages are "/log" and
"/servermanager".

Remediation
===============

Update to the latest version of Cerberus FTP Server.

Special Thanks
===============
Special Thanks to Grant @ Cerberus for his incredible response time
and dedication to secure coding principles.

For more information concerning myself or my research:
sadgeeksinsnow.blogspot.com
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close