[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-08-08 Thread bugzilla-daemon
==
  Please DO NOT REPLY to this mail or send email to the developers
  about this bug. Please follow-up to Bugzilla using this link:
https://bugs.contribs.org/show_bug.cgi?id=9528

  Have you checked the Frequently Asked Questions (FAQ)?
http://wiki.contribs.org/SME_Server:Documentation:FAQ

  Please also take the time to read the following useful guide:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==

Jean-Philippe Pialasse  changed:

   What|Removed |Added

 Status|RESOLVED|CLOSED

--- Comment #3 from Jean-Philippe Pialasse  ---
verified closed

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-08-03 Thread bugzilla-daemon

Jean-Philippe Pialasse  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Jean-Philippe Pialasse  ---
fixed
/usr/bin/plague-client build smeserver-phpwebftp
smeserver-phpwebftp-4_0-11_el6_sme contribs9
Package smeserver-phpwebftp enqueued.  Job ID: 1410.

%changelog
* Wed Aug 03 2016 Jean-Philipe Pialasse  4.0-11.sme
- fix  XSS security issue in phpwebftp [SME: 9528]
- https://sourceforge.net/p/phpwebftp/bugs/17/
- add utf8 in meta to fix bad display in French


[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-08-03 Thread bugzilla-daemon

--- Comment #1 from Jean-Philippe Pialasse  ---
Created attachment 5672
  --> https://bugs.contribs.org/attachment.cgi?id=5672&action=edit
webftp.patch


[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-08-03 Thread bugzilla-daemon

Jean-Philippe Pialasse  changed:

   What|Removed |Added

 Blocks|8679|


[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-05-26 Thread bugzilla-daemon

Unnilennium  changed:

   What|Removed |Added

 Blocks||8679


[contribteam] [Bug 9528] XSS security issue in phpwebftp 3.3b

2016-05-26 Thread bugzilla-daemon

Bug ID: 9528
   Summary: XSS security issue in phpwebftp 3.3b
Classification: Contribs
   Product: SME Contribs
   Version: 8.2
  Hardware: ---
OS: ---
Status: CONFIRMED
  Severity: normal
  Priority: P3
 Component: smeserver-phpwebftp
  Assignee: jean-p...@leclere.org
  Reporter: te...@pialasse.com
QA Contact: contribteam@lists.contribs.org

https://packetstormsecurity.com/files/137001/phpwebftp-xss.txt

From what I know we use 3.3a, so it might be present too.

PHPWebFTP ver 3.3b - XSS vulnerability, by N_A.
N_A [at] tutanota.com

Vendor has been notified.

Description
-----------

phpWebFTP enables connections to FTP servers, even behind a firewall not
allowing traffic. phpWebFTP bypasses the firewall by making an FTP connection
from your web server to the FTP server and transferring the files to your web
client over the HTTP protocol.

Vulnerability
-------------

PHPWebFTP ver 3.3b allows malicious code injection due to some variables we
can control. This allows an attacker to inject malicious code to carry out
XSS attacks upon the program.

snip, index.php

// Connection parameters are read back out of the session exactly as stored.
$server=$_SESSION['server'];
$user=$_SESSION['user'];
$password=$_SESSION['password'];
$language=$_SESSION['language'];
$port=$_SESSION['port'];
$passive=$_SESSION['passive'];

snip, index.php

Further down in the code, the variables are passed without any
security/filtering checks:

snip, index.php

// The session values above are handed on with no validation or escaping.
$ftp = new ftp($server, $port, $user, $password, $passive);
$ftp->setMode($mode);
$ftp->setCurrentDir($currentDir);

snip, index.php

Code injected into the [server] field: alert('executed');
This is also possible for the [username], [port] and [field] options.

N_A [at] tutanota.com

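A defender's view of the sink the advisory describes, as an added example that is not phpwebftp's own code: it assumes the session-backed values the advisory names ($server, $user, $port) are later echoed into index.php's HTML (for instance to prefill the login form), which is the point where an unescaped value becomes XSS, and shows the escaped-and-validated rendering beside the unsafe one. The sample "server" value and the function names are constructed for the example.

```php
<?php
// Added example, not phpwebftp's code. Assumption: the session-backed
// connection values are echoed back into the page's HTML, e.g. to prefill
// the login form. That unescaped echo is the XSS sink; the FTP class itself
// is not where the markup gets interpreted.

// Unsafe rendering: the stored text is written straight into an attribute,
// so a value containing a quote and a tag breaks out of it.
function render_server_field_unsafe(string $server): string
{
    return '<input name="server" value="' . $server . '">';
}

// Hardened rendering: escape at the point of output, every time. ENT_QUOTES
// also escapes single quotes, so the result is safe inside either attribute
// quoting style.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_server_field_safe(string $server): string
{
    return '<input name="server" value="' . escape_html($server) . '">';
}

// Values with a known shape are additionally validated before being stored
// in the session at all: a TCP port is an integer in 1..65535.
function valid_port($port): bool
{
    return filter_var($port, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]) !== false;
}

// A server name is an RFC 1123 hostname (or dotted IPv4 literal); this
// rejects quotes, angle brackets, spaces and other markup characters.
function valid_hostname(string $host): bool
{
    $re = '/^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
        . '(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/';
    return (bool) preg_match($re, $host);
}

// Constructed sample: a tampered "server" value carrying inert markup.
$sample = 'ftp.example.com"><b>injected</b>';
echo render_server_field_unsafe($sample), "\n";
echo render_server_field_safe($sample), "\n";
var_dump(valid_hostname($sample), valid_hostname('ftp.example.com'));
var_dump(valid_port('21'), valid_port('21; x'));
```

Rejecting a malformed value at input time and escaping at output time are independent layers; the escape alone already neutralises the injection, the validation keeps junk out of the session in the first place.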
