[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Reflected XSS in n SolarWinds Serv-U FTP Server
From: Chris <lists () mailchris ! com>
Date: 2019-01-31 22:06:57
Message-ID: l7BMG5TB2ICtK4p6lILhY8f7hSOfXtYdQ3x01ZmGCemCTCEt-MMHmneeFygGk6isW0nueXCmBF-9Dd6uujwinSmxzETcij1bGtSl088iaug= () mailchris ! com
[Download RAW message or body]
Issue: Reflected Cross-Site Scripting
CVE: CVE-2018-19934
Security researcher: Chris Moberly @ The Missing Link Security
Product name: Serv-U FTP Server
Product version: Tested on 15.1.6.25 (current as of Dec 2018)
Fixed in: Serv-U 15.1.6 hotfix 3
# Overview
The Serv-U FTP Server is vulnerable to a reflected cross-site scripting
attack at the following injection points:
**Injection Point: URL Path**
* /Admin/XML
* /Admin/XML/Result.xml
As a proof of concept, browsing to the URLs below while authenticated as a
member of one of the administrative groups will produce a harmless JavaScript
alert box.
* /Admin/XML/Result.xml%22%3balert('XSS!')//xxx?Command=DismissWhatsNew
* /Admin/XML%22%3balert('XSS!')//xxx/Result.xml?Command=DismissWhatsNew
Additionally, another less-likely injection point was found in a POST
parameter. This can be demonstrated in the UI by defining an SMTP server
and sending a test alert. The affected URL is as follows:
**Injection Point: HTTP POST Parameter**
* /Admin/XML/SMTPResult.xml ('SMTPServer' parameter)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic