FireFTP Firefox Extension Double Quotation Mark Security Bypass Vulnerability

Source: Internet
Author: User

 

[Figure: FireFTP]

A security bypass vulnerability in the FireFTP Firefox extension involving double quotation marks; the method is very simple.

Bugtraq ID: 36536

CNCAN ID: CNCAN-2009093003

Vulnerability Cause

Input validation error

Affected Systems

FireFTP 1.0.5

Unaffected Systems

FireFTP 1.0.6

Hazards

Remote attackers can exploit this vulnerability to bypass security restrictions and perform unauthorized operations.

Attack Conditions

Attackers must construct malicious files to trick users into processing them.

Vulnerability Information

FireFTP is an FTP client extension for Mozilla Firefox.

When FireFTP processes a file name, it passes the name to psftp.exe without any validation. Through specially named files on the SFTP server, attackers can trick users into downloading a file to the Firefox installation directory or performing unintended SFTP operations.

Successful exploitation requires an attacker to trick the user into performing a move, delete, or mode change operation on the SFTP server, or into downloading a file with a special name from the SFTP server.
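The quoting problem described above, as an added example (not FireFTP's code and not the vendor's 1.0.6 fix). It assumes commands reach psftp as text lines and uses a simplified model of psftp's documented argument quoting, in which a doubled double quote is a literal one; all function names and the sample file names are constructed.

```javascript
// Simplified model of psftp argument parsing (assumption): whitespace
// separates arguments, "..." groups them, and "" is a literal double quote.
function splitArgs(line) {
  const args = [];
  let cur = "", inQuotes = false, started = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (ch === '"') {
      if (line[i + 1] === '"') { cur += '"'; i++; }  // "" -> literal "
      else inQuotes = !inQuotes;                      // opening or closing quote
      started = true;
    } else if (!inQuotes && /\s/.test(ch)) {
      if (started) { args.push(cur); cur = ""; started = false; }
    } else {
      cur += ch;
      started = true;
    }
  }
  if (started) args.push(cur);
  return args;
}

// Behaviour the advisory describes: the server-supplied name is wrapped in
// quotes unchanged, so a quote inside the name ends the argument early.
function naiveGet(remoteName) {
  return 'get "' + remoteName + '"';
}

// Hardened builder (hypothetical): refuse control characters, which could
// end the command line, and double every embedded quote.
function safeGet(remoteName) {
  if (/[\x00-\x1f\x7f]/.test(remoteName)) {
    throw new Error("control character in file name");
  }
  return 'get "' + remoteName.replace(/"/g, '""') + '"';
}

// True when the parser sees exactly: get <the original name>.
function roundTrips(build, name) {
  const args = splitArgs(build(name));
  return args.length === 2 && args[0] === "get" && args[1] === name;
}

const sample = 'report" "notes.txt';  // constructed file name with embedded quotes
console.log(splitArgs(naiveGet(sample)));  // three arguments instead of two
console.log(splitArgs(safeGet(sample)));   // two arguments, name intact
```

The same round-trip check applies to any command built from a server-supplied name (move, delete, mode change), since each of them passes the name as an argument.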

Test Method

Vendor Solutions

You can upgrade to FireFTP 1.0.6:

FireFTP 1.0.5: upgrade to fireftp-1.0.6-fx.xpi

http://releases.mozilla.org/pub/mozilla.org/addons/684/fireftp-1.0.6-fx.xpi

Vulnerability Provider

Tan Chew Keong

Vulnerability Message Link

http://vuln.sg/fireftp105-en.html

Vulnerability Message Title

FireFTP for FireFox SFTP Command Manipulation Security Issue

I am sure you know how to fix the FireFTP vulnerability! Hope to be useful to everyone!
