Title    : FTGateOffice/FTGatePro V1.2 Multiple vulnerabilities
Reported : dr_insane at pathfinder.gr
Remote   : Yes
Local    : Yes
Class    : Path exposure, Cross site scripting, Validation errors
Severity : Low
Date     : 2/4/2004
----------------------------------------------------------------

Product Description:
--------------------
FTGate is a professional, award winning family of mail server applications that offer you exceptional performance, comprehensive features, ease of use and advanced security features in a cost effective package. FTGateOffice is our most popular mail server, offering a quality, feature packed mail server in a cost effective, easy to use package. With a host of advanced features, FTGateOffice is suitable for large or small organizations interested in installing a mail server or replacing their current mail server with a solid, reliable product. Features include: POP3/SMTP/HTTP servers, Web Mail, WebAdmin, Anti-Virus support, Content Filtering, Attachment Filtering.

Technical Analysis:
-------------------
Some vulnerabilities have been identified in FTGateOffice/FTGatePro V1.2 that allow malicious people to conduct cross-site scripting attacks and gain valuable information about the remote server.

1) The first vulnerability is a cross-site scripting (XSS) attack that allows an attacker to inject arbitrary HTML code into a web page. An attacker could guide the victim to a specially crafted URL that, when followed, would send the victim's cookie to the attacker. With the cookie of a user, an attacker would be able to hijack that user's account.

http://127.0.0.1/addresses/individual.fts

In the field "Display name" an attacker can insert code.

2) There is also a secondary problem that reveals the server's physical path. The problem exists in the "id" parameter.
http://[host]/inbox/message.fts?folder=Sent%20Items&id=test

3) The third problem is that FTGate handles the folder argument without any validation.

http://127.0.0.1/inbox/index.fts?folder=TEST&index=1

Credit:
-------
Vulnerability found and tested by dr_insane
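As an added, defender-side illustration that is not part of this advisory and not FTGate's own code, the Python below shows the three server-side controls that address the issue classes reported above: HTML-encoding a stored "Display name" when it is written into a page, validating the folder argument against the folders the user actually has, and answering an unknown message id with a fixed error text instead of an error that carries the file's physical path. The folder names, the in-memory message store and the numeric id format are constructed assumptions for the example, not FTGate behaviour.

```python
# Added example (hypothetical webmail handler, not FTGate code): server-side
# controls for the three issue classes in the advisory.
import html
import re

# Constructed allow-list of folder names. A real deployment would load the
# user's folder list from the mail store instead of a fixed set.
KNOWN_FOLDERS = {"Inbox", "Sent Items", "Drafts", "Trash"}

# Assumed id format for this example: a short decimal number.
MESSAGE_ID_RE = re.compile(r"^[0-9]{1,12}$")

# Constructed stand-in for the mail store: folder -> {id -> path on disk}.
MESSAGE_STORE = {
    "Sent Items": {"17": "/var/mail/store/u1/sent/17.eml"},
}

# Stands in for the server's private log; detail belongs here, not in responses.
SERVER_LOG = []


def render_display_name_unsafe(display_name):
    """Issue 1, vulnerable form: stored text is pasted straight into markup,
    so a display name containing tags or script becomes part of the page."""
    return "<td>" + display_name + "</td>"


def render_display_name(display_name):
    """Issue 1, hardened form: encode the address-book 'Display name' on output
    so the browser treats it as text, never as markup."""
    return "<td>" + html.escape(display_name, quote=True) + "</td>"


def validate_folder(folder):
    """Issue 3: accept only a folder the user actually has; reject anything else
    rather than passing an arbitrary string on to the mail store."""
    if folder not in KNOWN_FOLDERS:
        raise ValueError("unknown folder")
    return folder


def lookup_message(folder, message_id):
    """Issue 2: resolve a message to its storage path. The path is for internal
    use only; a missing id raises a generic error that carries no path."""
    validate_folder(folder)
    if not MESSAGE_ID_RE.match(message_id):
        raise ValueError("invalid message id")
    path = MESSAGE_STORE.get(folder, {}).get(message_id)
    if path is None:
        raise ValueError("message not found")
    return path


def handle_message_request(folder, message_id):
    """Dispatches a message.fts-style request (folder=...&id=...) and builds the
    client response. Every rejection returns the same fixed text, so nothing
    about the server's file system layout reaches the browser; the detail is
    written to the server log for the operator."""
    try:
        path = lookup_message(folder, message_id)
    except ValueError as exc:
        SERVER_LOG.append(
            "message.fts rejected folder=%r id=%r: %s" % (folder, message_id, exc)
        )
        return {"status": 400, "body": "The requested message could not be displayed."}
    # The path stays server-side; only validated, encoded values are echoed.
    SERVER_LOG.append("message.fts served %s" % path)
    body = "Displaying message %s from %s" % (
        html.escape(message_id), html.escape(folder)
    )
    return {"status": 200, "body": body}


if __name__ == "__main__":
    print(render_display_name_unsafe('<b>Bob</b>'))   # markup survives (vulnerable)
    print(render_display_name('<b>Bob</b>'))          # markup is encoded (hardened)
    print(handle_message_request("Sent Items", "17"))
    print(handle_message_request("Sent Items", "test"))  # fixed text, no path
    print(handle_message_request("TEST", "1"))           # unknown folder rejected
    print("\n".join(SERVER_LOG))
```

The two response paths for a bad id and a bad folder deliberately return the same body; distinguishing them in the server log but not in the response is what keeps an unknown id from turning into a path disclosure, and the allow-list on the folder argument removes the need to reason about what the mail store would do with an arbitrary folder string.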