mailing list archives
Easy file sharing web server - persist XSS in forum msgs
From: joseph.giron13 () gmail com
Date: Fri, 25 Jul 2014 04:31:31 GMT
I saw a posting a month or 2 ago for a BOF in an FTP server belonging to EFS Software here:
At first there was no additional details provided and I hunted up and down before finding it after some fuzzing (stack
smash in password).
While on the hunt, I found one not listed.
Easy file sharing web server - XSS in forum messages.
Its persistent XSS. Don't see that much these days. The BB code (which looks suspiciously like it was lifted from
Example exploit in test message:
Peeking inside with IDA, we see why:
.data:0055D61C ; char aImgSrcSBorde_0
.data:0055D61C aImgSrcSBorde_0 db '<img src=%s border=0>',0 ; DATA XREF: sub_41B930+49F
.data:0055D61C ; sub_41FC10+6B2 ...
Following the subroutine, there's no real formatting or escaping done. I mean the forum posting does attempt some form
of filtering, but its bypassed easily.
- Easy file sharing web server - persist XSS in forum msgs joseph . giron13 (Jul 25)