Date: Thu, 31 Jan 2019 22:06:57 +0000
From: Chris <lists@...lchris.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Reflected XSS in SolarWinds Serv-U FTP Server

Issue: Reflected Cross-Site Scripting
CVE: CVE-2018-19934
Security researcher: Chris Moberly @ The Missing Link Security
Product name: Serv-U FTP Server
Product version: Tested on 15.1.6.25 (current as of Dec 2018)
Fixed in: Serv-U 15.1.6 hotfix 3

# Overview

The Serv-U FTP Server is vulnerable to a reflected cross-site scripting attack at the following injection points:

**Injection Point: URL Path**

* /Admin/XML
* /Admin/XML/Result.xml

As a proof of concept, browsing to the URLs below while authenticated as a member of one of the administrative groups will produce a harmless JavaScript alert box.

* /Admin/XML/Result.xml%22%3balert('XSS!')//xxx?Command=DismissWhatsNew
* /Admin/XML%22%3balert('XSS!')//xxx/Result.xml?Command=DismissWhatsNew

Additionally, another less-likely injection point was found in a POST parameter. This can be demonstrated in the UI by defining an SMTP server and sending a test alert. The affected URL is as follows:

**Injection Point: HTTP POST Parameter**

* /Admin/XML/SMTPResult.xml ('SMTPServer' parameter)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
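An added detection example, not part of the advisory and not Serv-U code: a small Python scanner over web-server access logs that flags requests to the /Admin/XML paths named above whose percent-decoded URL path contains the quote and semicolon characters needed to break out of the string the path is reflected into. The log lines are constructed in common log format purely for illustration; real Serv-U log formats differ, so the parsing regex is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (common log format), used only to
# exercise the detector; they are not real Serv-U logs.
SAMPLE_LOG = """\
10.0.0.5 - admin [31/Jan/2019:22:01:03 +0000] "GET /Admin/XML/Result.xml?Command=DismissWhatsNew HTTP/1.1" 200 512
10.0.0.9 - admin [31/Jan/2019:22:02:17 +0000] "GET /Admin/XML/Result.xml%22%3balert('XSS!')//xxx?Command=DismissWhatsNew HTTP/1.1" 200 640
10.0.0.9 - admin [31/Jan/2019:22:02:41 +0000] "GET /Admin/XML%22%3balert('XSS!')//xxx/Result.xml?Command=DismissWhatsNew HTTP/1.1" 200 640
10.0.0.7 - - [31/Jan/2019:22:03:05 +0000] "GET /Web%20Client/Login.xml HTTP/1.1" 200 300
"""

# Assumed common-log-format layout: client, ident, user, [timestamp], "METHOD target PROTO".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# Characters that have no place in the path segment of a legitimate /Admin/XML
# request but are required to break out of a reflected JavaScript string.
SUSPICIOUS = re.compile(r'''["';<>()]''')


def decode_path(target):
    """Return the URL path of a request target, percent-decoded until stable
    (a few rounds, so double-encoded probes are normalised as well)."""
    path = urlsplit(target).path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def suspicious_admin_xml_requests(log_text):
    """Return (client_ip, timestamp, decoded_path) for every request whose
    decoded path sits under /Admin/XML and carries script-breakout characters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        path = decode_path(m.group("target"))
        if path.startswith("/Admin/XML") and SUSPICIOUS.search(path):
            hits.append((m.group("ip"), m.group("ts"), path))
    return hits


if __name__ == "__main__":
    for ip, ts, path in suspicious_admin_xml_requests(SAMPLE_LOG):
        print(f"{ts} {ip} possible CVE-2018-19934 probe on path: {path}")
```

The query string is deliberately ignored so that the legitimate `?Command=DismissWhatsNew` request is not flagged; only the path component, where the advisory places the injection point, is inspected.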