Tuesday 31 January 2012

Reflected XSS in Free PHFTP 4.2

# TITLE ..... # Reflected XSS in Free PHFTP 4.2 ..........#
# DATE ...... # 30.01.2012 ............................. #
# AUTHOR .... # HauntIT Blog ............................. #
# SOFT LINK . # http://www.mindcatch.com/ ......... #
# VERSION ... # 4.2 ............................. #
# TESTED ON . # LAMP ............................. #
#............................................#

# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...

#............................................#
# 1. What is this?
 This is an FTP client written in PHP. Very nice :)
You should try it.

# 2. What is the type of vulnerability?
 It's a reflected XSS located in the "Host" form of the default PHFTP start page.
Set "Host" to:
'><script>alert(123)</script>
to see the vulnerability.

# 3. Where is bug :)
ftp.php
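
An added example, not code from PHFTP or from this advisory: a hypothetical handler that echoes the submitted "Host" value back into the form, next to an encoded version. The function names and the single-quoted value attribute are assumptions; the leading '> of the test string above is consistent with a single-quoted attribute, which is where ENT_QUOTES matters on PHP older than 8.1.

```php
<?php
// Added example, not PHFTP source. Function names and the single-quoted
// value='...' attribute are assumptions made for illustration.

// Before: the submitted value is concatenated into the attribute as-is.
function render_host_unsafe(string $host): string
{
    return "<input type='text' name='host' value='" . $host . "'>";
}

// Partial fix: ENT_COMPAT (part of the default flags before PHP 8.1) encodes
// < > & and ", but leaves ' alone, so the value can still end the attribute.
function render_host_compat(string $host): string
{
    return "<input type='text' name='host' value='"
        . htmlspecialchars($host, ENT_COMPAT, 'UTF-8') . "'>";
}

// Fix: ENT_QUOTES also encodes ' (as &#039;), so the value stays data.
function render_host_safe(string $host): string
{
    return "<input type='text' name='host' value='"
        . htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";
}

// Defence in depth: accept only something shaped like a hostname or an IP.
function is_valid_host(string $host): bool
{
    return (bool) preg_match('/^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/', $host)
        || filter_var($host, FILTER_VALIDATE_IP) !== false;
}

// Constructed sample inputs: the advisory's test string and a normal host.
$samples = ["'><script>alert(123)</script>", 'ftp.example.org'];
foreach ($samples as $host) {
    echo 'input:  ', $host, PHP_EOL;
    echo 'valid:  ', var_export(is_valid_host($host), true), PHP_EOL;
    echo 'unsafe: ', render_host_unsafe($host), PHP_EOL;
    echo 'compat: ', render_host_compat($host), PHP_EOL;
    echo 'safe:   ', render_host_safe($host), PHP_EOL, PHP_EOL;
}
```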

# 4. More...

- http://www.mindcatch.com
- http://hauntit.blogspot.com
- http://www.google.com

# Best regards
#
