[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Easy file sharing web server - persist XSS in forum msgs
I saw a posting a month or 2 ago for a BOF in an FTP server belonging to EFS Software here: http://www.securityfocus.com/bid/19243
At first there was no additional details provided and I hunted up and down before finding it after some fuzzing (stack smash in password).
While on the hunt, I found one not listed.
Easy file sharing web server - XSS in forum messages.
Example exploit in test message:
Peeking inside with IDA, we see why:
.data:0055D61C ; char aImgSrcSBorde_0
.data:0055D61C aImgSrcSBorde_0 db '<img src=%s border=0>',0 ; DATA XREF: sub_41B930+49F
.data:0055D61C ; sub_41FC10+6B2 ...
Following the subroutine, there's no real formatting or escaping done. I mean the forum posting does attempt some form of filtering, but its bypassed easily.