what you don't know can hurt you

Cerberus FTP Server Cross Site Scripting

Cerberus FTP Server Cross Site Scripting
Posted Dec 19, 2012
Authored by catatonicprime

Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.

tags | advisory, web, xss
advisories | CVE-2012-6339
MD5 | 9da50fabf2ed4db1efb87ac182ea7445

Cerberus FTP Server Cross Site Scripting

Change Mirror Download
Overview
===============
Cerberus FTP Server (http://www.cerberusftp.com/) is a secure and
reliable FTP server with many features and available functionality.

It was discovered that the Web Administration interface has multiple
persistent Cross Site Scripting (XSS) vulnerabilities. In the log
viewer there is a XSS vulnerability which may be used by an
unauthenticated user against an authenticated user. In the server
manager a trivial XSS vulnerability exists which may be used by the
authenticated user.

Analysis
===============
To start, the vulnerabilities in the on the "/servermanger" page is
trivial to exploit by escaping the "<textarea>" tags for each
available server message.

The "/log" is less trivial to exploit in that the log page uses
async-javascript callbacks to collect and display log data to the
user. The log clears itself in 2-3 seconds as well. This occurs
normally on an 8 second cycle and I in my experience it was difficult
to have the log populated with appropriate attack vectors during a
window to achieve exploitation.

I believe an administrative user would have to be logged in at the
time of the attack and actively viewing the "/log" page to achieve
successful exploitation. Due to these limitations I believe this to
have a significant effect on the impact and reliability on any
possible exploit code.

For more discussion on these bugs I've created a brief write-up at:
http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html

Timeline
===============

12/05/2012 - Discovered multiple bugs in product vendor's application
12/06/2012 - Disclosure of details to product vendor
12/07/2012 - Vendor created fixes for reported bugs
12/13/2012 - CVE Assignment
12/19/2012 - Public disclosure to Bugtraq

CVE(s)
===============

CVE-2012-6339: Multiple XSS vulnerabilities in Cerberus FTP Web
Administration interface. Affected pages are "/log" and
"/servermanager".

Remediation
===============

Update to the latest version of Cerberus FTP Server.

Special Thanks
===============
Special Thanks to Grant @ Cerberus for his incredible response time
and dedication to secure coding principles.

For more information concerning myself or my research:
sadgeeksinsnow.blogspot.com

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    3 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    11 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close