# TITLE ..... # Reflected XSS in Free PHFTP 4.2 ..........#
# DATE ...... # 30.01.2012 ............................. #
# AUTHOR .... # HauntIT Blog ............................. #
# SOFT LINK . # http://www.mindcatch.com/ ......... #
# VERSION ... # 4.2 ............................. #
# TESTED ON . # LAMP ............................. #
#............................................#
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...
#............................................#
# 1. What is this?
This is an FTP client written in PHP. Very nice :)
You should try it.
# 2. What is the type of vulnerability?
It's a reflected XSS located in the "Host" form of the default PHFTP start page.
Set "Host" to:
'><script>alert(123)</script>
to see the vulnerability.
# 3. Where is bug :)
ftp.php
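An added example, not PHFTP's own code: the vulnerable echo pattern next to a hardened version, run over the test string from section 2 and a normal hostname. Assumptions: the "Host" value is reflected into a single-quoted HTML attribute (inferred from the '> prefix of the test string), and the markup and all function names here are hypothetical.

```php
<?php
// Added example: hypothetical reconstruction, not PHFTP's actual ftp.php source.

// Vulnerable pattern: request value echoed raw into a single-quoted attribute.
function render_host_field_vulnerable(string $host): string
{
    return "<input type='text' name='host' value='" . $host . "'>";
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES is required
// because the attribute is single-quoted; before PHP 8.1 the default flags
// (ENT_COMPAT) leave ' unencoded, so the value could still close the attribute.
function render_host_field_safe(string $host): string
{
    $encoded = htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='host' value='" . $encoded . "'>";
}

// Defence in depth: accept only an IP literal or a syntactically valid
// hostname before the value is used for the FTP connection.
function is_valid_ftp_host(string $host): bool
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    return strlen($host) <= 253
        && filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

// Constructed inputs: the advisory's test string and a normal hostname.
$samples = ["'><script>alert(123)</script>", "ftp.example.org"];

foreach ($samples as $host) {
    echo "input:      ", $host, PHP_EOL;
    echo "vulnerable: ", render_host_field_vulnerable($host), PHP_EOL;
    echo "hardened:   ", render_host_field_safe($host), PHP_EOL;
    echo "valid host: ", is_valid_ftp_host($host) ? "yes" : "no", PHP_EOL, PHP_EOL;
}
```

Output encoding is the actual fix; the hostname check only narrows what reaches the page and the FTP connection code.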
# 4. More...
- http://www.mindcatch.com
- http://hauntit.blogspot.com
- http://www.google.com
# Best regards
#