[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
== Please DO NOT REPLY to this mail or send email to the developers about this bug.
Please follow-up to Bugzilla using this link: https://bugs.contribs.org/show_bug.cgi?id=9528
Have you checked the Frequently Asked Questions (FAQ)? http://wiki.contribs.org/SME_Server:Documentation:FAQ
Please also take the time to read the following useful guide: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html ==

Jean-Philippe Pialasse changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Jean-Philippe Pialasse ---
verified closed

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
Jean-Philippe Pialasse changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Jean-Philippe Pialasse ---
fixed

/usr/bin/plague-client build smeserver-phpwebftp smeserver-phpwebftp-4_0-11_el6_sme contribs9
Package smeserver-phpwebftp enqueued.
Job ID: 1410.

%changelog
* Wed Aug 03 2016 Jean-Philippe Pialasse 4.0-11.sme
- fix XSS security issue in phpwebftp [SME: 9528]
  - https://sourceforge.net/p/phpwebftp/bugs/17/
- add utf8 in meta to fix bad display in French
[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
--- Comment #1 from Jean-Philippe Pialasse ---
Created attachment 5672
  --> https://bugs.contribs.org/attachment.cgi?id=5672&action=edit
webftp.patch
[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
Jean-Philippe Pialasse changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|8679                        |
[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
Unnilennium changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |8679
[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b
Bug ID: 9528
Summary: XSS security issue in phpwebftp 3.3b
Classification: Contribs
Product: SME Contribs
Version: 8.2
Hardware: ---
OS: ---
Status: CONFIRMED
Severity: normal
Priority: P3
Component: smeserver-phpwebftp
Assignee: jean-p...@leclere.org
Reporter: te...@pialasse.com
QA Contact: contribteam@lists.contribs.org

https://packetstormsecurity.com/files/137001/phpwebftp-xss.txt

From what I know we use 3.3a, so it might be present too.

PHPWebFTP ver 3.3b - XSS vulnerability, by N_A.
N_A [at] tutanota.com
Vendor has been notified.

Description
phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making an FTP connection from your web server to the FTP server and transferring the files to your web client over the HTTP protocol.

Vulnerability
PHPWebFTP ver 3.3b allows malicious code injection due to some variables we can control. This allows an attacker to inject malicious code to carry out XSS attacks upon the program.

snip, index.php
$server=$_SESSION['server'];
$user=$_SESSION['user'];
$password=$_SESSION['password'];
$language=$_SESSION['language'];
$port=$_SESSION['port'];
$passive=$_SESSION['passive'];
snip, index.php

Further down in the code, the variables are passed without any security/filtering checks:

snip, index.php
$ftp = new ftp($server, $port, $user, $password, $passive);
$ftp->setMode($mode);
$ftp->setCurrentDir($currentDir);
snip, index.php

Code injected into the [server] field:
alert('executed');

This is also possible for the [username], [port] and [field] options.

N_A [at] tutanota.com
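Added example, not code from phpWebFTP, from the advisory quoted above or from the smeserver-phpwebftp patch: the reflection pattern the advisory describes (a session-held value such as $_SESSION['server'] written back into the page without encoding) next to a hardened form with output encoding and input validation. The report does not show where phpWebFTP echoes the values, so the input field, the function names and the payload below are assumptions made for illustration.

```php
<?php
// Added example (not phpWebFTP's code). Function names are hypothetical;
// only $_SESSION['server'] / $_SESSION['port'] come from the bug report.
declare(strict_types=1);

// Vulnerable: an attacker-controlled string (standing in for what phpWebFTP
// keeps in $_SESSION['server'] after the login form) is interpolated into
// HTML with no output encoding, so a payload can close the attribute and
// start a script element.
function renderServerFieldUnsafe(string $server): string
{
    return '<input type="text" name="server" value="' . $server . '">';
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES encodes both
// quote characters, ENT_SUBSTITUTE avoids returning an empty string on
// invalid UTF-8, and the charset is explicit so the encoder and the page's
// <meta charset> declaration agree.
function renderServerFieldSafe(string $server): string
{
    $escaped = htmlspecialchars($server, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="server" value="' . $escaped . '">';
}

// Defence in depth: the server field is an FTP hostname or IP address, so
// reject anything else before it reaches the session or the ftp class.
// Returns the validated value, or null when it is not a hostname/IP.
function validateServer(string $server): ?string
{
    $server = trim($server);
    if (filter_var($server, FILTER_VALIDATE_IP) !== false) {
        return $server;
    }
    // RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
    // each label 1..63 characters, whole name at most 253 characters.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    if (strlen($server) <= 253
        && preg_match('/^' . $label . '(?:\.' . $label . ')*$/', $server) === 1) {
        return $server;
    }
    return null;
}

// The port must be an integer in 1..65535; anything else is rejected.
function validatePort(string $port): ?int
{
    $value = filter_var($port, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    return $value === false ? null : $value;
}

// Constructed payload (not copied from the report) of the kind the advisory
// describes for the [server] field.
$payload = '"><script>alert(\'executed\');</script>';

echo "unsafe: ", renderServerFieldUnsafe($payload), "\n";
echo "safe:   ", renderServerFieldSafe($payload), "\n";
var_dump(validateServer($payload));          // NULL: rejected outright
var_dump(validateServer('ftp.example.org')); // string(15) "ftp.example.org"
var_dump(validatePort('21'));                // int(21)
var_dump(validatePort('21;alert(1)'));       // NULL
```

Run with `php example.php`. The unsafe line shows the attribute closed by the payload's leading `">` and a script element following it; the safe line shows the same input rendered inert as `&quot;&gt;&lt;script&gt;...`. Encoding at output is the fix for the reported bug; validating the hostname and port before they are stored in the session additionally keeps the values out of the ftp class and out of any later log or error message. Declaring the page charset, as the 4.0-11 changelog does with the utf8 meta tag, is part of the same fix: the encoder and the browser must agree on the encoding for the escaping to hold.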