PHPWebFTP ver 3.3b - XSS vulnerability, by N_A.
N_A [at] tutanota.com

Vendor has been notified.

Description
----------------
phpWebFTP enables connections to FTP servers, even behind a firewall that does not allow FTP traffic. phpWebFTP bypasses the firewall by making an FTP connection from your web server to the FTP server and transferring the files to your web client over the HTTP protocol.

Vulnerability
-------------
PHPWebFTP ver 3.3b allows malicious code injection because several variables are under the user's control. This allows an attacker to inject malicious code and carry out XSS attacks against the application.

----snip, index.php----
    $server=$_SESSION['server'];
    $user=$_SESSION['user'];
    $password=$_SESSION['password'];
    $language=$_SESSION['language'];
    $port=$_SESSION['port'];
    $passive=$_SESSION['passive'];
----snip, index.php----

Further down in the code, the variables are passed on without any security/filtering checks:

----snip, index.php----
    $ftp = new ftp($server, $port, $user, $password, $passive);
    $ftp->setMode($mode);
    $ftp->setCurrentDir($currentDir);
----snip, index.php----

Code injected into the [server] field:

This is also possible for the [username], [port] and [field] options.

N_A [at] tutanota.com
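A hardened way to handle the same session variables before they reach the ftp object or are echoed back into the page, as an added example that is not phpWebFTP's own code. The function names, the language allow-list and the form field at the end are assumptions.

```php
<?php
// Added example (not from phpWebFTP): validate the session-supplied connection
// parameters on input, and HTML-escape anything reflected into the page.
// Function names and the language allow-list are hypothetical.

function validateFtpParams(array $session): array
{
    // Hostname only (RFC 1123 labels): markup, quotes and spaces are rejected.
    $server = filter_var($session['server'] ?? '', FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    if ($server === false) {
        throw new InvalidArgumentException('invalid server name');
    }

    // Port: an integer in 1..65535, nothing else.
    $port = filter_var($session['port'] ?? 21, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($port === false) {
        throw new InvalidArgumentException('invalid port');
    }

    // Username: a conservative character set and length.
    $user = (string) ($session['user'] ?? '');
    if (!preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }

    // Language: allow-list of the UI languages actually installed (assumed set).
    $allowed = ['en', 'de', 'fr'];
    $language = $session['language'] ?? 'en';
    if (!in_array($language, $allowed, true)) {
        $language = 'en';
    }

    // Passive flag: coerced to a real boolean.
    $passive = filter_var($session['passive'] ?? true, FILTER_VALIDATE_BOOLEAN);

    // The password is passed through to the FTP layer but never echoed.
    $password = (string) ($session['password'] ?? '');

    return compact('server', 'port', 'user', 'password', 'language', 'passive');
}

// Output-side defence: every value reflected into HTML goes through this.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage: validate once, then use the cleaned values for both the ftp object
// and the form (hypothetical field) that displays the current server.
$params = validateFtpParams($_SESSION ?? []);
echo '<input name="server" value="' . h($params['server']) . '">';
```

Input validation alone does not make reflection safe if a value is later echoed unescaped, so the escaping in h() is the control that closes the XSS regardless of which field the value came from.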