PhpWebFtp Cross Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PhpWebFtp Cross Site Scripting Vulnerability
From: arko.dhar@xxxxxxxxx
Date: 25 Apr 2006 06:45:52 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Summary
===============================================
phpWebFTP enables connections to FTP servers, even behind a firewall not 
allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection 
from your webserver to the FTP server and transfering the files to your 
webclient over the http protocol

===========================================


Issue: PhpWebftp is prone to multiple XSS vulnerability .An attacker may 
leverage this issue to have arbitrary script code executed in the browser of an 
unsuspecting user in the context of the affected site. This may help the 
attacker steal cookie-based authentication credentials and launch other 
attacks.the exploit is tested on PhpWebFtp v2.3.


Proof of Concept 

XSS is possible via malicious arguments passed on the web browser using POST 
Method relative to the path of phpWebftp ie. 
http://www.anysite.com/PhpWebFtp/index.php?

server=1&port=<script>var%20sub_variable=11233;alert(sub_variable);</script>&goPassive=on&user=1&password=1&language=bulgarian

Further XSS Details and Xploits :
http://www.subjectzero.net/research/phpwebftpxss.htm

Prev by Date: [ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities
Next by Date: [SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution
Previous by thread: [ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities
Next by thread: [SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution
Index(es):
- Date
- Thread