Ipswitch WS_FTP Server FTP Command HTML Injection Vulnerability
BID:25429
Info
| Bugtraq ID: | 25429 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 23 2007 12:00AM |
| Updated: | Aug 31 2007 11:22PM |
| Credit: | John Harwold is credited with the discovery of this vulnerability. |
| Vulnerable: | Ipswitch WS_FTP Server 6.0 |
| Not Vulnerable: | |
Discussion
Ipswitch WS_FTP Server is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the administrative web interface, to steal cookie-based authentication credentials, or to control how the site is rendered to the site administrator; other attacks are also possible.
This issue affects WS_FTP Server 6; previous versions may be affected as well.
Exploit / POC
Attackers can use client FTP applications to exploit this issue.
The researcher who discovered this issue states that a proof of concept is available, but the researcher has not released it to the public.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Ipswitch WS_FTP Server Homepage (Ipswitch)