PHPWebFTP version 3.3b suffers from cross site scripting vulnerabilities.
9d68d46015cb9bd4cd46ee567443d110deb5c32da2e2ad61e485ef37bb6e30b2PHPWebFTP ver 3.3b - xss vulnerability , by N_A.
N_A [at] tutanota.com
Vendor has notified
Description
----------------
phpWebFTP enables connections to FTP servers, even behind a firewall not
allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection
from your web server to the FTP server and transferring the files to your web
client over the http protocol
Vulnerability
-------------
PHPWebFTP ver 3.3b allows malicious code injection due to some variables we
can control. This allows an attacker to inject malicious code to carry out
XSS attacks upon the program.
----snip , index.php----
$server=$_SESSION['server'];
$user=$_SESSION['user'];
$password=$_SESSION['password'];
$language=$_SESSION['language'];
$port=$_SESSION['port'];
$passive=$_SESSION['passive'];
----snip , index.php----
further down in the code, the variables are passed without any
security/filtering checks:
----snip, index.php----
$ftp = new ftp($server, $port, $user, $password, $passive);
$ftp->setMode($mode);
$ftp->setCurrentDir($currentDir);
----snip, index.php----
Code injected into the [server] field: <script>alert('executed');</script>
This is also possible for the [username],[port] and [field] options.
N_A [at] tutanota.com
--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed