PHPWebFTP 3.3b Cross Site Scripting

2016-05-08T00:00:00
ID PACKETSTORM:137001
Type packetstorm
Reporter N_A
Modified 2016-05-08T00:00:00

Description

PHPWebFTP ver 3.3b - XSS vulnerability, by N_A.  
N_A [at] tutanota.com  
  
  
Vendor has been notified  
  
  
  
Description  
----------------  
  
  
  
phpWebFTP enables connections to FTP servers, even from behind a firewall that   
does not allow FTP traffic. phpWebFTP bypasses the firewall by making an FTP   
connection from your web server to the FTP server and transferring the files to   
your web client over HTTP.  
  
  
  
Vulnerability  
-------------  
  
  
PHPWebFTP ver 3.3b allows malicious code injection because several variables it   
reflects into the page are under the user's control and are not sanitised. An   
attacker can inject script into these fields and carry out XSS attacks against   
the application.  
  
  
----snip , index.php----  
  
$server=$_SESSION['server'];  
$user=$_SESSION['user'];  
$password=$_SESSION['password'];  
$language=$_SESSION['language'];  
$port=$_SESSION['port'];  
$passive=$_SESSION['passive'];  
  
----snip , index.php----  
  
  
  
  
  
Further down in the code, the same variables are passed on without any   
security or filtering checks:  
  
----snip, index.php----  
  
$ftp = new ftp($server, $port, $user, $password, $passive);  
$ftp->setMode($mode);  
$ftp->setCurrentDir($currentDir);  
  
----snip, index.php----  
  
  
  
  
  
Code injected into the [server] field: <script>alert('executed');</script>  
This is also possible for the [username], [port] and [field] options.  
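The defect described above is unescaped output of attacker-controlled session values. The following is an added example, not phpWebFTP's own code, showing the vulnerable echo pattern beside a hardened version that validates the server and port values and HTML-escapes anything written back into an attribute (function names are hypothetical):

```php
<?php
// Added example (not phpWebFTP's code): $server, $user, $port and $passive are
// copied from $_SESSION, so they are user-controlled. Anything written back into
// HTML must be escaped, and structured values should be validated first.

// Vulnerable pattern, as in the advisory: raw value echoed into an attribute.
function render_server_field_vulnerable(string $server): string
{
    return '<input name="server" value="' . $server . '">';
}

// Hardened: only an integer in the TCP port range is accepted.
function validate_port(string $port): int
{
    $p = filter_var($port, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($p === false) {
        throw new InvalidArgumentException('invalid port');
    }
    return $p;
}

// Hardened: accept a hostname or IP address, nothing that can carry markup.
function validate_server(string $server): string
{
    if (filter_var($server, FILTER_VALIDATE_IP) !== false) {
        return $server;
    }
    if (filter_var($server, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return $server;
    }
    throw new InvalidArgumentException('invalid server name');
}

// ENT_QUOTES escapes both ' and " so a value cannot break out of an attribute.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_server_field_hardened(string $server): string
{
    return '<input name="server" value="' . html_attr($server) . '">';
}

// Constructed demonstration using the payload quoted in the advisory.
$payload = "<script>alert('executed');</script>";
echo render_server_field_vulnerable($payload), "\n"; // script tag lands in the page
echo render_server_field_hardened($payload), "\n";   // rendered inert as &lt;script&gt;...
try {
    validate_server($payload);                       // rejected before it reaches the FTP layer
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
echo validate_port("21"), "\n";
```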
  
  
  
  
N_A [at] tutanota.com  
  
  
  
  