XSS vulnerability

Brought to you by: alfalogic, evwijk

#17 XSS vulnerability

Milestone: v1.0 (example)

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2016-08-03

Created: 2016-08-03

Creator: Jean-Philippe Pialasse

Private: No

see https://packetstormsecurity.com/files/137001/phpwebftp-xss.txt

PHPWebFTP ver 3.3b - xss vulnerability , by N_A.
N_A [at] tutanota.com

Vendor has notified

Description

phpWebFTP enables connections to FTP servers, even behind a firewall not
allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection
from your web server to the FTP server and transferring the files to your web
client over the http protocol

Vulnerability

PHPWebFTP ver 3.3b allows malicious code injection due to some variables we
can control. This allows an attacker to inject malicious code to carry out
XSS attacks upon the program.

----snip , index.php----

$server=$_SESSION['server'];
$user=$_SESSION['user'];
$password=$_SESSION['password'];
$language=$_SESSION['language'];
$port=$_SESSION['port'];
$passive=$_SESSION['passive'];

----snip , index.php----

further down in the code, the variables are passed without any
security/filtering checks:

----snip, index.php----

$ftp = new ftp($server, $port, $user, $password, $passive);
$ftp->setMode($mode);
$ftp->setCurrentDir($currentDir);

----snip, index.php----

Code injected into the [server] field: <script>alert('executed');</script>
This is also possible for the [username],[port] and [field] options.

N_A [at] tutanota.com

--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com

Discussion

Jean-Philippe Pialasse - 2016-08-03

here is possible fix. it is alsopresent in v4.

webftp.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

XSS vulnerability

Group

Searches

Help

#17 XSS vulnerability

Description

Vulnerability

Discussion