Netwin SurgeFTP server version 23d6 suffers from multiple stored cross site scripting vulnerabilities.
8a738fcf73b0741fa19ac83402727e9db5fc3288bf5f2c65355a00eec7780e86********************************************************************************************
# Exploit Netwin SurgeFTP Sever Stored Cross Site Scripting Vulnerabilities
# Date: 11/18/2015
# Exploit Author: Un_N0n
# Vendor: NetWin
# Software Link: http://netwinsite.com/cgi-bin/keycgi.exe?cmd=download&product=surgeftp
# Version: 23d6
# Tested on: Windows 7 x64(64bit)
********************************************************************************************
[Info]
Surgeftp web-interface suffers with multiple Stored XSS vulnerabilities.
They are:
Stored XSS in 'Domain Name' field.
[How to?]
1. Open SurgeFTP web interface, Click on global option from the menu.
2. Add a new domain, in 'Domain Name' field, add in this(<img src=x onmouseover=alert(1)>) payload.
3. Save, then navigate to main page, hover mouse over 'broken image' in 'domains' section.
Stored XSS in 'Mirrors'.
[How to?]
1. Open surgeftp web interface, Click on 'Mirrors' option from the menu.
2. Click on Add Mirror, in 'Local path' & 'Remote Host' field add in this(<img src=x onmouseover=alert(1)>) payload.
3. Save, then navigate to 'Mirror' page again, Hover mouse over the 'broken image' in 'local path' & 'remote host' field.
Previously, Somebody else reported Stored XSS vulnerabilities in SurgeFTP.
Vendor tried to fix the previously reported XSS vulnerabilities by blacklisting only the <script>alert('blah')</script> payload
which is well not a good practice since i have triggered the same vulnerability by just entering different XSS payload,
therefore White-listing is the correct solution.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed